http://amanda.sourceforge.net/fom-serve/cache/139.html wrote:
> Amanda from behind a firewall
>
> Running an Amanda server from behind a firewall, to clients outside
> it, can be a bit tricky.
>
> Amanda uses quite a few ports for communications. The general
> sequence is:
> 1) The server makes a start backup request on port 10080 to the
> client.
> 2) The client forks an amandad process, which then attempts to
> contact the server on a random udp port.
> 3) The server opens 2 or 3 random TCP sockets back to the client per
> dumper process. (one for data, one for messages and one for index,
> if indexing is enabled.)
> 4) data starts shuffling.
>
> The problem with a firewall is step 2. Since most firewalls are set
> up to allow any outgoing traffic, the other steps usually have no
> problems. But that random UDP port back in to the server is usually
> blocked. This causes a symptom of "timeout waiting ack" in
> /tmp/amanda/amandad.debug on the client.
> ...
> You can also use the "connection tracking" feature of the new linux
> 2.4 firewall code. This will eliminate the need to open incoming
> ports on the firewall.
> [EMAIL PROTECTED]

Hi everyone,

I have a dream: to run the stock Red Hat 7.2 Amanda build on machines where both the client and server run a firewall. To do this, I think I'm going to need connection tracking. :-)

Is there any documentation available on using netfilter connection tracking with Amanda? I found this thread on the netfilter developers list:

http://lists.samba.org/pipermail/netfilter-devel/2001-May/001263.html

It's nearly a year old, and there was no resolution at the time. Has anyone got it working?

Paul
http://paulgear.webhop.net
