Gene Heskett wrote:
>On Monday 14 October 2002 04:43, Hery Zo RAKOTONDRAMANANA wrote:
>
>
>>Hi all,
>>
>>I'm using amanda-2.4.2p2-4 on a debian woody system with xinetd.
>>I used to backup my amanda server via "localhost". Since my amanda
>>server has multiple interfaces, I want to limit amanda to
>>listening to 192.168.11.1 (eth1) interface only. This can be done
>>through the "bind" directive of xinetd but for "localhost".
>>
>>Even if I change from "localhost" to the FQDN name of
>>192.168.11.1 in my disklist, amcheck always reports a "request
>>timeout"
>>
>>Can anyone tell me (or show some directions) how I can achieve
>>this?
>>
>>
>>
>This sounds as if you either don't have the proper amanda related
>file(s) in your /etc/xinetd.d directory, or you didn't restart
>xinetd when you installed them.
>
Thanks for replying Gene.
I put all my xinetd config in my /etc/xinetd.conf file, and I restart
xinetd each time I modify it.
If I put the directive "bind = 192.168.11.1" for all services
related to amanda in my xinetd.conf, I think it's working, since I can
no longer back up the machine "localhost" (which uses 127.0.0.1, I think) -
it's not the way I'd like it to be :). My question is: since my amanda
server is a gateway between my private and a public network, how safe is
it to let xinetd listen on all interfaces for the amanda ports?
Now, the result of my netstat -tanp (without the bind directive in
xinetd.conf) looks like this:

    tcp 0 0 0.0.0.0:10083 0.0.0.0:* LISTEN 21854/xinetd
    tcp 0 0 0.0.0.0:10082 0.0.0.0:* LISTEN 21854/xinetd

If I activate the "bind" directive on each amanda service:

    grmbl:~# netstat -tanp | grep 1008
    tcp 0 0 192.168.11.1:10083 0.0.0.0:* LISTEN 15855/xinetd
    tcp 0 0 192.168.11.1:10082 0.0.0.0:* LISTEN 15855/xinetd

This is a more convenient configuration IMHO, since I can play with my
firewall rules (BTW, I have a different backup network for each server).
Somehow, my problem is that I can no longer back up my amanda server this way.

    service amanda
    {
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = backup
        server      = /usr/lib/amanda/amandad
        bind        = 192.168.11.1
    }

I can eventually play with the "only_from" directive of xinetd so that
I'll have inetd listening on 0.0.0.0:10083, but how safe is this
configuration?
Regards.
Hery Zo
>
>The proper file should look like this:
>----------------------------
># default = off
>#
># description: Part of the Amanda server package
># This is the list of daemons & such it needs
>service amanda
>{
> disable = no
> socket_type = dgram
> protocol = udp
> wait = yes
> user = amanda
> group = disk
> groups = yes
>
bind = 192.168.11.1
> server = /usr/local/libexec/amandad
>}
>service amandaidx
>{
> disable = no
> socket_type = stream
> protocol = tcp
> wait = no
> user = amanda
> group = disk
> groups = yes
> server = /usr/local/libexec/amindexd
>}
>service amidxtape
>{
> disable = no
> socket_type = stream
> protocol = tcp
> wait = no
> user = amanda
> group = disk
> groups = yes
> server = /usr/local/libexec/amidxtaped
>}
>-----------------------
>adjust the group if required, everything else should correspond to a
>std amanda install.
>
>
>
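
An added example, not part of the original messages: a small Python check that parses xinetd "service" blocks and reports, for each one, the address it listens on and any only_from restriction, which is the difference the two netstat listings in this thread show. The sample config is constructed from the entries quoted in the thread (the only_from value is made up), and "defaults" blocks and includedir files are not evaluated.

```python
import re

# Constructed sample modelled on this thread's entries; the only_from value is made up.
SAMPLE_CONF = """
service amanda
{
    socket_type = dgram
    server      = /usr/lib/amanda/amandad
    bind        = 192.168.11.1
}
service amandaidx
{
    socket_type = stream
    server      = /usr/local/libexec/amindexd
}
service amidxtape
{
    socket_type = stream
    only_from   = 192.168.11.0/24
    server      = /usr/local/libexec/amidxtaped
}
"""

BLOCK_RE = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)

def parse_services(text):
    """Return {service: {attribute: value}} for every 'service' block."""
    services = {}
    for name, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            # Drop comments, then split on the first '=' (also covers '+=' and '-=').
            key, sep, value = line.split("#", 1)[0].partition("=")
            if sep:
                attrs[key.strip(" \t+-")] = value.strip()
        services[name] = attrs
    return services

def audit(services):
    """Return {service: (listen address, only_from or None)}."""
    report = {}
    for name, attrs in services.items():
        addr = attrs.get("bind") or attrs.get("interface")  # synonym of bind
        report[name] = (addr or "0.0.0.0", attrs.get("only_from"))
    return report

if __name__ == "__main__":
    for name, (addr, allowed) in audit(parse_services(SAMPLE_CONF)).items():
        note = "" if addr != "0.0.0.0" or allowed else "  <- every interface, no only_from"
        print(f"{name:10} listen={addr:15} only_from={allowed}{note}")
```

Run against a real /etc/xinetd.conf by passing the file's contents to parse_services(); a service reported as 0.0.0.0 with no only_from is reachable on every interface of the gateway unless a firewall rule blocks it.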