On Thu, 4 Apr 2002, Ward Violanti wrote:

> Hi Amanda Users,
>
> I have a question, I would like to use Amanda on servers that we have
> outside our firewall. Is there any way to get Amanda to work without
> opening ports on the firewall? Such as using SSH or some other way, or will
> Amanda work with only using ports open through the firewall?
>
> I have read the FAQs on the Amanda site, and I don't understand why there
> has to be a range of UDP ports open. Would it work with just using one UDP
> port, instead of opening a range of UDP ports? Maybe someone could explain
> how and why, and which ports I should open on the firewall.
>
> Thanks!
> Ward.

While I'm sure JJ and others lurking can confirm the true details, I believe
that the clients start sending back udp packets to the server like so (from
one of my client sendbackup files):

sendbackup: stream_server: waiting for connection: 0.0.0.0.729
sendbackup: stream_server: waiting for connection: 0.0.0.0.730
sendbackup: stream_server: waiting for connection: 0.0.0.0.731
  waiting for connect on 729, then 730, then 731
sendbackup: stream_accept: connection from <firewall>.719
sendbackup: stream_accept: connection from <firewall>.720
sendbackup: stream_accept: connection from <firewall>.721
  got all connections

Since ssh is a tcp connection, I don't see any way to have Amanda use that as
the transport device because of how it was designed to use udp for speed/etc.
If you compile Amanda to restrict the tcp/udp portranges, it won't open up
anything on your firewall that the public can see, it's more that your
firewall is configured to pass such connections on to the clients and
vice-versa.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Doug Silver
Network Manager
Quantified Systems, Inc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
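
The port numbers in the sendbackup lines quoted in this thread can be extracted and compared with the range a firewall is set to pass. The following is an added example, not part of the original posts or of Amanda: the sample log is constructed in the same line format, 192.0.2.1 stands in for the firewall, the port 1050 line and the allowed range 700-800 are assumed values.

```python
import re

# Constructed sample in the format of the sendbackup lines quoted in the thread.
# 192.0.2.1 is a documentation address standing in for the firewall;
# the 1050 line is added to show a port outside the expected range.
SAMPLE_LOG = """\
sendbackup: stream_server: waiting for connection: 0.0.0.0.729
sendbackup: stream_server: waiting for connection: 0.0.0.0.730
sendbackup: stream_server: waiting for connection: 0.0.0.0.731
sendbackup: stream_accept: connection from 192.0.2.1.719
sendbackup: stream_accept: connection from 192.0.2.1.720
sendbackup: stream_accept: connection from 192.0.2.1.721
sendbackup: stream_server: waiting for connection: 0.0.0.0.1050
"""

# Both line types end in "<address>.<port>"; the port is the last dotted field.
LISTEN_RE = re.compile(r"stream_server: waiting for connection: (\S+)\.(\d+)\s*$")
ACCEPT_RE = re.compile(r"stream_accept: connection from (\S+)\.(\d+)\s*$")

def parse_ports(log_text):
    """Return (client listening ports, {peer address: source ports})."""
    listen, peers = set(), {}
    for line in log_text.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            listen.add(int(m.group(2)))
            continue
        m = ACCEPT_RE.search(line)
        if m:
            peers.setdefault(m.group(1), set()).add(int(m.group(2)))
    return listen, peers

def to_ranges(ports):
    """Collapse a set of ports into sorted contiguous (low, high) ranges."""
    ranges = []
    for p in sorted(ports):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def outside_allowed(ports, allowed):
    """Ports outside the (low, high) range the firewall is meant to pass."""
    low, high = allowed
    return sorted(p for p in ports if not low <= p <= high)

if __name__ == "__main__":
    listen, peers = parse_ports(SAMPLE_LOG)
    print("client listens on:", to_ranges(listen))
    for addr, src in peers.items():
        print("connections from", addr, "source ports", to_ranges(src))
    print("outside assumed 700-800 range:", outside_allowed(listen, (700, 800)))
```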
