I haven't been paying attention to this whole thread, but thought I'd
throw my two cents in.

I was never able to get amanda to work through a firewall using NAT.
The way NAT works in the Elron Commander firewall, and most other ones,
I think, is by arbitrarily reassigning port numbers to keep track of
which connection on the inside corresponds to which communication on the
outside.

Example:
Amanda on host tapehost talks to host X from port 932/UDP (I'm making
this up from my setup). Host X responds correctly, because it was
addressed from the proper privileged (<1024) port.
Now, amanda on host tapehost wants to talk to host X from port 932/UDP,
but the request gets sent to the firewall. The firewall assigns a random
port, in the unprivileged range (>1024), let's say 10080. It records in
its lookup table that packets from tapehost are assigned to port 10080.
In most applications, this would be fine, as the recipient would send
the packets back to the firewall at port 10080, and the firewall would
match port 10080 with tapehost and send the packet in to it. However,
with amanda, when host X gets the packet from port 10080, it rejects it
with an error message like "Unprivileged port".

To diagnose this, I used a combination of netcat and tcpdump, on both
the sender and recipient.

I was never able to overcome this, because the Elron firewall software
can't not translate the port, as far as I and our Information Services
group could tell.

Since the original poster didn't mention this error message at all,
this explanation may not relate to his problem. 

Sorry if this doesn't apply. If it does, and you have further
questions, please write.

-Kevin Zembower

-----
E. Kevin Zembower
Unix Administrator
Johns Hopkins University/Center for Communications Programs
111 Market Place, Suite 310
Baltimore, MD  21202
410-659-6139
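
The sender-side and recipient-side tcpdump comparison described in the message above, as an added example that is not part of the original post: it pairs UDP packets from the two captures and reports where the source port was rewritten out of the privileged range. Ports 932 and 10080 come from the message; the addresses, destination port 9999 and packet lengths are constructed, and it assumes the firewall rewrites only the source side.

```python
import re

# One `tcpdump -n` UDP line: "time IP src.port > dst.port: UDP, length N"
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)$"
)

def parse(capture):
    """Return (src_ip, src_port, dst_ip, dst_port, length) per UDP line."""
    packets = []
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            s_ip, s_port, d_ip, d_port, length = m.groups()
            packets.append((s_ip, int(s_port), d_ip, int(d_port), int(length)))
    return packets

def find_port_rewrites(sender_capture, receiver_capture):
    """Pair packets by (destination, length), in order, and report any
    whose source address or port differs between the two captures."""
    pending = {}
    for s_ip, s_port, d_ip, d_port, length in parse(sender_capture):
        pending.setdefault((d_ip, d_port, length), []).append((s_ip, s_port))
    findings = []
    for s_ip, s_port, d_ip, d_port, length in parse(receiver_capture):
        queue = pending.get((d_ip, d_port, length))
        if not queue:
            continue  # no matching packet in the sender-side capture
        orig_ip, orig_port = queue.pop(0)
        if (orig_ip, orig_port) != (s_ip, s_port):
            findings.append({
                "sent_from": (orig_ip, orig_port),
                "seen_as": (s_ip, s_port),
                # True when a reserved (<1024) port became an unprivileged one
                "lost_privileged_port": orig_port < 1024 <= s_port,
            })
    return findings

# Constructed sample captures (not real traffic): tapehost side, then host X side.
SENDER = """
12:00:01.000000 IP 10.0.0.5.932 > 192.0.2.10.9999: UDP, length 120
12:00:02.000000 IP 10.0.0.5.933 > 192.0.2.10.9999: UDP, length 64
"""
RECEIVER = """
12:00:01.004000 IP 203.0.113.1.10080 > 192.0.2.10.9999: UDP, length 120
12:00:02.004000 IP 203.0.113.1.933 > 192.0.2.10.9999: UDP, length 64
"""

if __name__ == "__main__":
    for finding in find_port_rewrites(SENDER, RECEIVER):
        print(finding)
```

The second constructed packet shows the contrasting case, where the address is translated but the source port is preserved and stays below 1024.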
