On Thu, 20 Nov 2003 at 8:26am, Rebecca Pakish Crum wrote

> I'm running amanda 2.4.2p2 on a RH box as my backup server. I installed
> the amanda client on my (sol8) firewall on Friday, and set up a rule for
> the server to get to the firewall for amanda services - amcheck runs
> fine and reports no errors. But when my amdump kicks off at night, my
> report says:
>
> firewall.unter /export/home/rebecca lev 0 FAILED [could not connect to
> firewall.unterlaw.com]

You have to allow traffic on not just the amanda port, but also high
numbered TCP ports for the data connections. On Linux clients, I put in
the following iptables rules:

    # Amanda from chaos
    -A INPUT -p udp -s $SERVER_IP_ADDRESS -d 0/0 --dport 10080 -j ACCEPT
    -A INPUT -p tcp -m tcp -s $SERVER_IP_ADDRESS -d 0/0 --dport 1025:65535 -j ACCEPT

With just the first rule (allowing UDP traffic to port 10080), the client
will pass amcheck but fail amdump. The second rule (allowing TCP traffic
to all non-privileged ports) actually allows data to flow.

-- 
Joshua Baker-LePain
Department of Biomedical Engineering
Duke University
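
The behaviour described in the reply above, as an added example that is not part of the original thread: a small first-match evaluator for the two rules, run against constructed flows, showing why amcheck passes with the UDP rule alone while the data connection is dropped, and what the second rule does and does not open. The server address 192.0.2.10, the data port 50123, the second host and a default DROP policy on INPUT are assumptions made for the example.

```python
import ipaddress
import shlex

SERVER = "192.0.2.10"  # constructed stand-in for $SERVER_IP_ADDRESS
UDP_RULE = f"-A INPUT -p udp -s {SERVER} -d 0/0 --dport 10080 -j ACCEPT"
TCP_RULE = f"-A INPUT -p tcp -m tcp -s {SERVER} -d 0/0 --dport 1025:65535 -j ACCEPT"

def parse_rule(line):
    """Parse the flag/value subset of iptables syntax used in the post."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(0, len(tok) - 1, 2)}
    lo, _, hi = opts["--dport"].partition(":")
    return {"proto": opts["-p"],
            "src": ipaddress.ip_network(opts["-s"], strict=False),
            "ports": range(int(lo), int(hi or lo) + 1),  # -d 0/0 matches any destination
            "target": opts["-j"]}

def verdict(rules, proto, src, dport, policy="DROP"):
    """First matching rule wins; otherwise the chain policy (assumed DROP) applies."""
    for r in rules:
        if (r["proto"] == proto and dport in r["ports"]
                and ipaddress.ip_address(src) in r["src"]):
            return r["target"]
    return policy

# Constructed flows arriving at the client: (protocol, source address, destination port)
FLOWS = {
    "amcheck request": ("udp", SERVER, 10080),
    "amdump request": ("udp", SERVER, 10080),
    "amdump data": ("tcp", SERVER, 50123),
    "server to tcp/22": ("tcp", SERVER, 22),
    "other host data": ("tcp", "198.51.100.7", 50123),
}

def evaluate(rule_lines):
    """Return the verdict for every constructed flow under the given rule lines."""
    rules = [parse_rule(line) for line in rule_lines]
    return {name: verdict(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, lines in (("UDP rule only", [UDP_RULE]),
                         ("both rules", [UDP_RULE, TCP_RULE])):
        print(label, evaluate(lines))
```

With both rules loaded, the exposure is every TCP port from 1025 up, but only from the backup server's address; privileged ports and other source hosts still fall through to the chain policy.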
