On Monday 14 October 2002 09:45, Hery Zo RAKOTONDRAMANANA wrote:
>Gene Heskett wrote:
>>On Monday 14 October 2002 04:43, Hery Zo RAKOTONDRAMANANA wrote:
>>>Hi all,
>>>
>>>I'm using amanda-2.4.2p2-4 on a debian woody system with xinetd.
>>>I used to backup my amanda server via "localhost". Since my
>>> amanda server has multiple interfaces, I want to limit amanda
>>> to listening to 192.168.11.1 (eth1) interface only. This can be
>>> done through the "bind" directive of xinetd but for
>>> "localhost".
>>>
>>>Even if I change from "localhost" to the FQDN name of
>>>192.168.11.1 in my disklist, amcheck always report a "request
>>>timeout"
>>>
>>>Anyone can tell me (or show some directions) how can I achieve
>>>this?
>>
>>This sounds as if you either don't have the proper amanda related
>>file(s) in your /etc/xinetd.d directory, or you didn't restart
>>xinetd when you installed them.
>
>Thanks for replying Gene.
>I put all my xinetd config in my /etc/xinetd.conf file, that I
> restart each time I modify it.
gaaacckkk! That's the script that runs xinetd. Restore it to std
please. That file I posted goes in the directory /etc/xinetd.d
where it will be scanned and acted on accordingly when the time
comes.
>If I ever put the directive "bind = 192.168.11.1" for all services
>related to amanda on my xinetd.conf, I think it's working since I
> no more can backup the machine "localhost" (which uses 127.0.01 I
> think)- it's not the way I'd like it to be :). My matter is:
> since my amanda server is a gateway between my private and a
> public network, how safe is it to let xinetd listen on all
> interfaces for amanda ports ? Now, the result of my netstat -tanp
> (without bind directive in xinetd.conf) looks:
>tcp 0 0 0.0.0.0:10083 0.0.0.0:* LISTEN 21854/xinetd
>tcp 0 0 0.0.0.0:10082 0.0.0.0:* LISTEN 21854/xinetd
>
Which looks good, indicating that xinetd is listening on the right
ports, and from the PID number, recently restarted.
Here again, the tendency to use localhost will come back and bite
you, please use only FQDNs, and have them defined either in your
/etc/hosts files or properly set up in named. I am doing that here
even if this machine's drive is the only one being backed up.
>
>if I activate the "bind" directive on each amanda service:
>grmbl:~# netstat -tanp | grep 1008
>tcp 0 0 192.168.11.1:10083 0.0.0.0:* LISTEN 15855/xinetd
>tcp 0 0 192.168.11.1:10082 0.0.0.0:* LISTEN 15855/xinetd
>
>This is a more convenient configuration IMHO since I can play on
> my firewall rules (BTW, I have a different backup network for
> each server). Somehow, my problem is that I no more can backup my
> amanda-server this way.
>
>service amanda
>{
> socket_type = dgram
> protocol = udp
> wait = yes
> user = backup
> server = /usr/lib/amanda/amandad
> bind = 192.168.11.1
>}
>
Where are the other two services amanda needs? See the file I
posted for example. It also appears that amanda wasn't configured
and built as the user 'amanda' from the above 'backup'ry as that's
normally the name of a 'group' not a 'user'.
>I can eventually play with the "only_from" directive of xinetd so
> that I'll have inetd listening on 0.0.0.0:10083 but how safe this
> configuration is?
You shouldn't attempt to mix inetd and xinetd stuff. Strange things
might occur.
Now, I'm gonna snip the rest of my old message, as you have that
file already (you will have to edit the ip addresses too), and then
append the configuration file I've used to set amanda up for the
last year. By putting it in a script, each succeeding version of
amanda gets built with exactly the same options and there are NO
upgrade surprises. Without further ado: gh.cf, clip, paste to
editor, save as gh.cf, set chmod +x and run it as ./gh.cf
--------------------------
#!/bin/sh
# since I'm always forgetting to su amanda...
if [ "$(whoami)" != 'amanda' ]; then
    echo
    echo "!!!!!!!!!!!! Warning !!!!!!!!!!!!"
    echo "Amanda needs to be configured and built by the user amanda,"
    echo "but must be installed by user root."
    echo
    exit 1
fi
# start from a clean tree so no stale configure results are reused
make clean
rm -f config.status config.cache
# build options kept in one place so every version is configured the same
./configure --with-user=amanda \
    --with-group=disk \
    --with-owner=amanda \
    --with-tape-device=/dev/nst0 \
    --with-changer-device=/dev/sg1 \
    --with-gnu-ld --prefix=/usr/local \
    --with-debugging=/tmp/amanda-dbg/ \
    --with-tape-server=192.168.1.3 \
    --with-amandahosts \
    --with-configdir=/usr/local/etc/amanda
-------------------
Adjust this to suit your hardware, and your IP addressing.
--
Cheers, Gene
AMD K6-III@500mhz 320M
Athlon1600XP@1400mhz 512M
99.18% setiathome rank, not too shabby for a WV hillbilly
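
Added example, not part of the original messages and not code from Amanda or xinetd: a small audit that reads xinetd service stanzas and reports, per service, whether it is pinned to one address with "bind", only source-filtered with "only_from", or listening on every interface for any source, which is the distinction the thread turns on. The function names audit_xinetd and sample_config are hypothetical, and the amandaidx and amidxtape stanzas with their server paths are constructed sample input.

```shell
#!/bin/sh
# Added example: report how each xinetd service stanza is exposed.
# Reads xinetd configuration on stdin, prints one line per service:
#   <service> bind=<addr|ANY> only_from=<list|none> <verdict>
# BOUND = one address (bind/interface set); FILTERED = every interface,
# sources limited by only_from; EXPOSED = every interface, any source.
audit_xinetd() {
    awk '
        # "service NAME" opens a stanza: reset the per-service state.
        $1 == "service" { name = $2; bind = "ANY"; from = "none"; next }
        # Attributes inside a stanza look like: key = value [value ...]
        name != "" && $2 == "=" {
            val = $3
            for (i = 4; i <= NF; i++) val = val "," $i
            if ($1 == "bind" || $1 == "interface") bind = val
            if ($1 == "only_from") from = val
        }
        # A closing brace ends the stanza: classify and report it.
        name != "" && $1 == "}" {
            verdict = "EXPOSED"
            if (from != "none") verdict = "FILTERED"
            if (bind != "ANY") verdict = "BOUND"
            printf "%s bind=%s only_from=%s %s\n", name, bind, from, verdict
            name = ""
        }
    '
}

# Constructed sample input. The amanda stanza mirrors the one in the
# thread; the other two stanzas and their server paths are assumptions.
sample_config() {
    cat <<'EOF'
service amanda
{
    server      = /usr/lib/amanda/amandad
    bind        = 192.168.11.1
}
service amandaidx
{
    server      = /usr/lib/amanda/amindexd
    only_from   = 192.168.11.0/24 127.0.0.1
}
service amidxtape
{
    server      = /usr/lib/amanda/amidxtaped
}
EOF
}
sample_config | audit_xinetd
```

To check a real host, feed it the stanza files instead of the sample, for example `cat /etc/xinetd.d/* | audit_xinetd`, and compare the result with what `netstat -tanp` shows for the same ports.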