Hi everyone,

I've successfully set up Amanda to back up our internal servers. Our setup is the classic DMZ setup:

inner network => inner-firewall => DMZ => outer-firewall => internet

The backup server is in the inner network. The firewalls are both running Debian 2.2 potato with ipchains (unfortunately the kernel doesn't seem to have port-forwarding capabilities and I don't like to roll my own if there is another way ...).

Now I have to back up one host which sits in the DMZ. Both Amanda instances (on the backup server and the client in the DMZ) were compiled with the following configure options:

'--with-portrange=850,854' '--with-udpportrange=850,854'

Unfortunately amcheck is unable to connect to the client in the DMZ. I then monitored with tcpdump what is happening:

The backup server (inner network) binds to a port between 850-854 and tries to connect to the backup client in the DMZ on port 10080. The connection of course goes to the inner-firewall, which maps the port (850-854) to a highport and forwards the request to the backup client in the DMZ. The latter machine tries to connect back to the backup server in the inner network. Passing through the inner firewall, the highport gets translated back to the original port 850-854.

Looks good to me - but doesn't work :( amcheck complains with "port (insert-highport-here) is not secure".

I've read the Amanda FAQs but the answer given to this problem didn't help because I haven't installed the firewalls and am by far no firewall magician.

Why does Amanda receive the highport which should have been mapped back by the inner-firewall? And what rules do I have to add to make it work? Do I need port forwarding? Or is there another way to do what I want?

Thanks a lot for your help!

Toby

---------------------------------------------------
http://www.funkreich.de // may the funk be with you
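The exchange described in the post, modelled as an added example (not part of the original message and not Amanda's code). It assumes "not secure" means a source port of 1024 or above and that the inner firewall masquerades into the Linux 2.2 range 61000-65095; all addresses and the names `Masquerader`, `client_accepts` and `run_exchange` are constructed for illustration.

```python
RESERVED_LIMIT = 1024              # assumption: "secure" = source port below 1024
MASQ_PORTS = range(61000, 65096)   # assumption: Linux 2.2 masquerading port range

class Masquerader:
    """Minimal source-NAT table standing in for the inner firewall."""

    def __init__(self, fw_ip):
        self.fw_ip = fw_ip
        self.free = iter(MASQ_PORTS)
        self.flows = {}            # nat_port -> (inner_ip, inner_port)

    def outbound(self, pkt):
        """Inner network -> DMZ: source address and port are rewritten."""
        src_ip, src_port, dst_ip, dst_port = pkt
        nat_port = next(self.free)
        self.flows[nat_port] = (src_ip, src_port)
        return (self.fw_ip, nat_port, dst_ip, dst_port)

    def inbound(self, pkt):
        """DMZ -> inner network: destination is mapped back, or dropped."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.fw_ip or dst_port not in self.flows:
            return None
        inner_ip, inner_port = self.flows[dst_port]
        return (src_ip, src_port, inner_ip, inner_port)

def client_accepts(pkt):
    """Reserved-port test applied to the request as the DMZ client sees it."""
    return pkt[1] < RESERVED_LIMIT

def run_exchange(masquerade):
    server, client, fw = "10.0.0.5", "192.0.2.20", "192.0.2.1"  # constructed
    request = (server, 850, client, 10080)
    if not masquerade:                      # plain routing: packet unchanged
        return {"seen_port": request[1], "accepted": client_accepts(request)}
    nat = Masquerader(fw)
    seen = nat.outbound(request)
    reply = (client, 10080, seen[0], seen[1])   # client answers the address it saw
    restored = nat.inbound(reply)
    return {"seen_port": seen[1], "accepted": client_accepts(seen),
            "reply_delivered_to": restored[2:]}

if __name__ == "__main__":
    print(run_exchange(masquerade=True))
    print(run_exchange(masquerade=False))
```

In the masqueraded run the reply is delivered back to port 850 on the backup server, yet the check has already failed on the request, because the DMZ client only ever saw the translated source port.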
