-----BEGIN PGP SIGNED MESSAGE-----
I backup 7 local systems with Amanda. Three Linux boxes (1 Debian/i386, 1 RH/i386, 1 RH/Netwinder), and four NetBSD/i386 boxes. There is a NetBSD/ipf firewall between the backup server (NetBSD/i386) and some of the boxes. Some of the backups also occur over IPsec (yes, even though they are all "local"). Two boxes on the same wire as backup server (plus the server itself) work flawlessly. The IPsec connected ones work fine. The three behind the firewall fail frequently, but not 100% of the time. I setup backups for just those hosts, and watch with tcpdump. I've built with the appropriate port ranges, but I never seen firewall failures, yet I get failures. Coincidentally, the machines that fail are all less than 300Mhz systems, (233Mhz, 350Mhz, 200Mhz), while the machines that work are 650Mhz+. The backup server itself, however is a K5-133 running NetBSD/i386, and a lot of SCSI spindles. (Yeah, it needs to be replaced) The 233Mhz box used to be a P75. It was upgraded in January, and the first backup right after the upgraded worked, but then failed after that. These failing boxes have between 2Gb and 6Gb - not huge amounts by today's standards. (The working boxes have 12Gb through 100Gb of storage...) My impression is that the failures are because the backup time estimates take too long and the backup server gives up on them. One the clients, I don't see any errors in the /tmp/amanda output - it looks normal to me. I've been through the documentation and the FAQs, and I've watched tcpdump's of the traffic going through... nothing obvious. Is there some additional detail on the server that I might find? Is there some way to run the server with additional debugging on, particularly relating to port 10080 transactions? ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Finger me for keys iQCVAwUBPNR2qYqHRg3pndX9AQGBxQQAuiyATc2bk7kP00aZDRyQimirryhkTzBg sJTZmkLtvhQU70UpZQSP5KsF74CskoCWGSRU6JBMlNJRnOdtg6eoLx3fx1MLVHKL x0Epf0jEXlbI2pFtV5to+eDQ3vJibs91HcTUsbHOgYG9qHWGl/UxVO5QkQl1K+Fz vHTrYILMMME= =DhyL -----END PGP SIGNATURE-----
