Hiya,

Using NAT seems like a valid solution too, but how about IP spoofing?

Regards,

Rick

----- Original Message -----
From: "Bill Boyer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 21, 2002 10:00 PM
Subject: Re: Backups through a firewall

> Also depending on your firewall, you could always NAT the TSM server address.
> Through the firewall you could assign an OUTSIDE address that gets
> translated to the INSIDE address of the TSM server. You can also put rules
> to limit the connections through port 1500 only to the TSM server address.
> If you change the default port of 1500 for the TSM server you need to change
> ALL of your clients to use this new port number. If you use POLLING (which
> the TSM Clients manual says is the only supported schedmode for backups thru
> firewalls) then you only need the 1500 port open. I wouldn't recommend
> running the CAD server for webclient on those servers outside the firewall,
> either. Just gives those hackers another open port to play with...
>
> Bill Boyer
> DSS, Inc.
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED]]On Behalf Of
> Rick Harderwijk
> Sent: Tuesday, May 21, 2002 3:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Backups through a firewall
>
>
> Hi,
>
> Wanda wrote:
> > All the firewall guy had to do was create a rule that allows TCP/IP traffic
> > through the firewall for port 1500 for the particular client address.
> >
> > If you use SCHEDMODE PROMPTED, I believe you also have to enable port 1501.
> > If you want to use the web client to do TSM backups/restores remotely, that
> > uses port 1581.
> >
> > All those ports are configurable, i.e., you can tell TSM client and server
> > to use different ports if you want
>
> I would STRONGLY suggest to choose different ports. I believe there's a list
> out there, I think it's through IANA (www.iana.org - somebody please confirm
> that) that tells which port is 'registered'. Pick some free ports high up,
> preferably not next to each other (I would go pick like 7492, 9816 and 9752 -
> handpicked these :) ). Wouldn't want some h*cker discovering you're using
> 1234 with some sec hole somewhere and let him just try 1235 and 1236, now
> would we?
>
> But hey, waddah I know, it's just my $.02 - maybe I'm wrong. At least
> someone on the list will tell you, and you'll never forget (and neither will
> I).
>
> Regards,
>
> Rick
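
Added example, not part of the original thread: a small audit that checks a firewall ruleset against the advice quoted above (port 1500 only, from the particular client address, to the TSM server address, nothing else when SCHEDMODE POLLING is used). The `Rule` model, the `audit` function and every address are constructed for illustration and are not a vendor rule format.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    """One firewall allow rule for TCP (hypothetical model, not a vendor format)."""
    src: str   # source address or CIDR network
    dst: str   # destination address or CIDR network
    port: int  # destination TCP port

def audit(rules, clients, server, port=1500):
    """Return (rule, reason) pairs for rules wider than polling-mode backups need.

    server is the TSM server address as the firewall rule sees it, i.e. the
    OUTSIDE address when the server is NATed.
    """
    srv = ipaddress.ip_network(server)
    known = [ipaddress.ip_network(c) for c in clients]
    findings = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        to_server = srv.subnet_of(dst)
        to_client = any(c.subnet_of(dst) for c in known)
        if not (to_server or to_client):
            continue  # rule does not reach the backup hosts
        if to_server and r.port == port:
            if dst != srv:
                findings.append((r, "destination wider than the TSM server address"))
            if src not in known:
                findings.append((r, "source is not a single known client address"))
        else:
            findings.append((r, "port not needed for polling-mode backups"))
    return findings

# Constructed sample ruleset; all addresses are from documentation ranges.
SAMPLE = [
    Rule("198.51.100.7", "192.0.2.10", 1500),    # client -> server, as advised
    Rule("0.0.0.0/0", "192.0.2.10", 1500),       # any source
    Rule("198.51.100.7", "192.0.2.0/24", 1500),  # whole inside subnet
    Rule("192.0.2.10", "198.51.100.7", 1501),    # only SCHEDMODE PROMPTED needs this
    Rule("0.0.0.0/0", "198.51.100.7", 1581),     # web client port
    Rule("198.51.100.7", "203.0.113.5", 25),     # unrelated to backups
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE, ["198.51.100.7"], "192.0.2.10"):
        print(f"{rule.src} -> {rule.dst}:{rule.port}: {reason}")
```

If the server port is moved off 1500, pass the new value as `port`; every client has to be changed to match, as noted in the thread.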