On Sun, Apr 22, 2001 at 09:50:43AM -0400, Todd Pfaff wrote:
>
> Is my situation more involved because of the IP-masquerading firewall?
Yes. There are several shortcomings with Amanda and IP-masquerading:
- You can backup only _one_ machine outside firewall
- _Everyone_ from inside firewall can run an amanda server and
request backups from the outside machine. (This is often not a big problem
if the outside machine has only "public" content (e.g. Webserver))
- You have to tell Amanda Client outside firewall not to do reserved
port checking, in common-src:
===================================================================
RCS file: RCS/security.c,v
retrieving revision 1.1
diff -u -r1.1 security.c
--- security.c 2001/03/15 20:44:46 1.1
+++ security.c 2001/03/15 20:45:30
@@ -218,6 +218,7 @@
/* next, make sure the remote port is a "reserved" one */
+#ifdef 0
if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
ap_snprintf(number, sizeof(number), "%d", ntohs(addr->sin_port));
*errstr = vstralloc("[",
@@ -227,6 +228,7 @@
amfree(remotehost);
return 0;
}
+#endif
/* extract the remote user name from the message */
> Does anyone know what I've missed?
>
Not really. You should get a debug file on the client anyway. The client should
complain about unsecure port. Not getting a debug file looks like a firewall
misconfiguration to me. Of course all other FAQ items on amcheck failures
also apply :-(
Ciao
Dietmar
--
Alles Gute / best wishes
Dietmar Goldbeck E-Mail: [EMAIL PROTECTED]
Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of Western
Civilization? Gandhi: I think it would be a good idea.
