* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2006-09-14 13:48]: > There's a whole section on this in the SAG. > > Shortanswer, you need "bpcd" from the master or media server to the > client, "vnetd" the reverse direction. You have to make sure you > configure the client for "no callback connections" via the bpclient > command or, no doubt, someplace in the GUI. > > Users on the client cannot perform their own restores using this. I'm > told, but have not verified, that you can enable "bprd" from client to > master to allow this.
Speaking as a backup guy who is now on the firewall team, using vnetd is by far the recommended way of dealing with the firewall. If all you are dealing with is backup servers to client machine, the short list is: Server -> Client port 13782 (bpcd) Client -> Server ports 13724 (vnetd) and 13720 (bprd) Yes client initiated restores will work with just these ports. If your backup servers are hanging off of a DMZ so that your admin clients using the Java GUI need to get access, you can also use: Admin Client -> Server ports 13722 (bpjava) and 13724 (vnetd) This will also require the /usr/openv/java/nbj.conf file setting of NBJAVA_CONNECT_OPTION=1 (default is 0) The only downside to vnetd that I have heard of but not seen personally is that you are limited to a single stream for backups, which could impact your backup model if you are trying to use NEW_STREAM file directives. If that is the case, you can configure port ranges and I highly recommend using ALLOW_NON_RESERVED_PORTS as part of that. Using low ports (<1024) by default is one of the stupidest things NBU ever did. -- David Rock [EMAIL PROTECTED] _______________________________________________ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu