-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Amcheck finnaly work. I found out that my default policy in ipchains for FORWARD is to reject. But now amdump wasn't succesfull.
FAILURE AND STRANGE DUMP SUMMARY: zeus.vpn-r /dev/sda1 lev 0 FAILED [could not connect to zeus.vpn-remote.com] I'm only doing forwarding on my vpn server, no NAT. /sbin/ipchains -A forward -i sl0 -s 192.168.1.85 -d 192.168.200.2 Tcpdump of the session shows that my amanda-server(192.168.1.85) sends a reset after a syn+ack from the client. I wonder why is it behaving in such a way. Anyone had any same experience? 374291 192.168.1.85.780 > 192.168.200.2.amanda: udp 261 (DF) 387224 192.168.200.2.amanda > 192.168.1.85.780: udp 50 (DF) 396628 192.168.200.2.amanda > 192.168.1.85.780: udp 179 (DF) 399308 192.168.1.85.780 > 192.168.200.2.amanda: udp 50 (DF) 399596 192.168.1.85.47613 > 192.168.200.2.44047: S 1008865307:1008865307(0) win 5840 <mss 1460,sackOK,timestamp 73404559 0,nop,wscale 0> (DF) 399656 192.168.200.2.44047 > 192.168.1.85.47613: S 1014524685:1014524685(0) ack 1008865308 win 3792 <mss 960,sackOK,timestamp 1724500735 73404559,nop,wscale 1> (DF) 400743 192.168.1.85.47613 > 192.168.200.2.44047: R 1008865308:1008865308(0) win 0 (DF) On Friday 14 June 2002 05:00, Bort, Paul wrote: > There are several available approaches: (in no particular order) > > 1) reconfigure the VPN tunnel so that the AMANDA traffic is not subject to > NAT. > > 2) use a separate VPN tunnel for AMANDA that bypasses NAT. > > 3) rebuild AMANDA with a specific port range (search the archives for > details). > > 4) rebuild AMANDA without the port check (not recommended, but also in the > archive.) > > > -----Original Message----- > > From: adi [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, June 13, 2002 4:33 PM > > To: [EMAIL PROTECTED] > > Subject: Re: amanda and vpnd > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi again, if i can't make this to work, then can i make > > amanda accept if it is > > coming from a high numbered port or even any number port? Thanks. > > > > On Friday 14 June 2002 00:43, adi wrote: > > > Hello, > > > i have a problem running amcheck. My amanda server has a > > > > private ip and > > > > > needs to backup a remote server(live ip). Amanda server > > > > connects to the > > > > > vpnd server which is on a local lan and tunnel thru the vpn > > > > connection in > > > > > order to do a backup. The remote machine which has to be > > > > backed up has a > > > > > serial link established to the vpn server. > > > > > > The first time i tried running amcheck, it complains that > > > > it's(the vpn > > > > > server) is coming from a port which is not secure. So i > > > > need to redirect > > > > > connections coming from amanda server to a well-known port > > > > and then forward > > > > > it to the amanda client. Correct? I wonder if anyone has > > > > been successfull > > > > > at this attempt? This is my ipchains on the vpn server. > > > > > > /sbin/ipchains -A forward -i sl0 -s 192.168.1.85 -d > > > > 192.168.200.2 -j MASQ > > > > > /sbin/ipchains -A input -j REDIRECT 600 -p udp -s 192.168.1.85 -d > > > 192.168.200.2 10080 > > > > > > 192.168.1.85 is the amanda server. > > > 192.168.200.2 is the amanda client > > > The vpn server serial ip is 192.168.100.2. > > > > > > This is the output of amcheck. > > > > > > Amanda Backup Client Hosts Check > > > -------------------------------- > > > WARNING: zeus.vpn-remote: selfcheck request timed out. Host down? > > > Client check: 1 host checked in 30.006 seconds, 1 problem found > > > > > > I've been cracking my head for 2 days now.. help needed, thanks. > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.6 (GNU/Linux) > > Comment: For info see http://www.gnupg.org > > > > iD8DBQE9CQFpInIYkBVpGqURAuEfAJ92h1BMgNCn5JO/gei+MGI3FsmvHgCdH6R4 > > TLu3DbvCM/gyQDolAqwvjUg= > > =DuEj > > -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9CTX6InIYkBVpGqURAse3AJ4yRzixj0IKUeW8nkrNfRDMZDOz4ACfSaJ2 /fQWyoUUEtaqz9INzIDF3Rw= =pCns -----END PGP SIGNATURE-----
