Yes, I solved this by patching this file, security.c.
It's a dirty hack, but in my setup it doesn't worry me...
*** security.c Mon Dec 4 22:45:01 2000
--- ../../amanda-2.4.2p2-patched/common-src/security.c Thu Mar 14
18:58:51 2002
***************
*** 227,233 ****
/* next, make sure the remote port is a "reserved" one */
! if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
ap_snprintf(number, sizeof(number), "%d",
ntohs(addr->sin_port));
*errstr = vstralloc("[",
"host ", remotehost, ": ",
--- 227,233 ----
/* next, make sure the remote port is a "reserved" one */
! /* if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {
ap_snprintf(number, sizeof(number), "%d",
ntohs(addr->sin_port));
*errstr = vstralloc("[",
"host ", remotehost, ": ",
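Review bot: the `/*` placed in front of `if(ntohs(addr->sin_port) >= IPPORT_RESERVED) {` turns the reserved-port test off for every remote host, not only for the ones reached through the translating firewall, and the comment left above it still reads "make sure the remote port is a "reserved" one". I would keep the test and skip it only under a build option or for explicitly named hosts, and reword that comment so it matches what the code now does.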
***************
*** 235,241 ****
"]", NULL);
amfree(remotehost);
return 0;
! }
/* extract the remote user name from the message */
--- 235,241 ----
"]", NULL);
amfree(remotehost);
return 0;
! } */
/* extract the remote user name from the message */
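Review bot: the `} */` on this line closes a comment that was opened in the previous hunk, so the disabled block stays disabled only as long as no `*/` ever appears between the two markers. C comments do not nest, and an inline comment added inside the block later would end it early. Wrapping the block in `#if 0` / `#endif` with a one-line reason next to it is more robust and easier to find again.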
On Wed, 2002-03-20 at 15:23, KEVIN ZEMBOWER wrote:
> I haven't been paying attention to this whole thread, but thought I'd
> throw my two cents in.
>
> I was never able to get amanda to work through a firewall using NAT.
> The way NAT works in the Elron Commander firewall, and most other ones,
> I think, is by arbitrarily reassigning port numbers to keep track of
> which connection on the inside corresponds to which communication on the
> outside.
>
> Example:
> Amanda on host tapehost talks to host X from port 932/UDP (I'm making
> this up from my setup). Host X responds correctly, because it was
> addressed from the proper privileged (<1024) port.
> Now, amanda on host tapehost wants to talk to host X from port 932/UDP,
> but the request gets sent to the firewall. The firewall assigns a random
> port, in the unprivileged range (>1024), let's say 10080. It records in
> its lookup table that packets from tapehost are assigned to port 10800.
> In most applications, this would be fine, as the recipient would send
> the packets back to the firewall at port 10080, and the firewall would
> match port 10080 with tapehost and send the packet in to it. However,
> with amanda, when host X gets the packet from port 10080, it rejects it
> with an error message like "Unprivileged port".
>
> To diagnose this, I used a combination of netcat and tcpdump, on both
> the sender and recipient.
>
> I was never able to overcome this, because the Elron firewall software
> can't not translate the port, as far as I and our Information Services
> group could tell.
>
> Since the original poster didn't mention this error message at all,
> this explanation may not relate to his problem.
>
> Sorry if this doesn't apply. If it does, and you have further
> questions, please write.
>
> -Kevin Zembower
>
> -----
> E. Kevin Zembower
> Unix Administrator
> Johns Hopkins University/Center for Communications Programs
> 111 Market Place, Suite 310
> Baltimore, MD 21202
> 410-659-6139
>
--
this email was written to the sound of:
%s
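
A narrower alternative to commenting the check out, as an added example that is not part of the original message or of Amanda's source: keep the reserved-port test and exempt only listed NAT gateways. The function names and all addresses are hypothetical; the ports 932 and 10080 are the ones used in the quoted explanation.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not Amanda code: accept a peer when its source port is
 * reserved, or when its address is one of the explicitly listed NAT gateways
 * whose port rewriting makes the port test meaningless. */
int peer_port_acceptable(const struct sockaddr_in *addr,
                         const struct in_addr *nat_gateways, size_t n_gateways)
{
    size_t i;

    if (ntohs(addr->sin_port) < IPPORT_RESERVED)
        return 1;                     /* normal case: privileged source port */

    for (i = 0; i < n_gateways; i++) {
        if (addr->sin_addr.s_addr == nat_gateways[i].s_addr)
            return 1;                 /* listed NAT box: port was rewritten */
    }
    return 0;                         /* unprivileged port, unlisted sender */
}

/* Build a sockaddr_in from constructed sample values. */
struct sockaddr_in make_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = {0};

    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

int main(void)
{
    struct in_addr gw[1];
    struct sockaddr_in direct = make_peer("198.51.100.7", 932);   /* constructed */
    struct sockaddr_in natted = make_peer("192.0.2.1", 10080);    /* constructed */
    struct sockaddr_in other  = make_peer("203.0.113.9", 10080);  /* constructed */

    inet_pton(AF_INET, "192.0.2.1", &gw[0]);   /* constructed NAT gateway */
    printf("direct=%d natted=%d other=%d\n",
           peer_port_acceptable(&direct, gw, 1),
           peer_port_acceptable(&natted, gw, 1),
           peer_port_acceptable(&other, gw, 1));
    return 0;
}
```

With this exemption every process behind a listed gateway is treated as if it had sent from a privileged port, so the list should hold only gateways whose inside network is trusted.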