Hi, Andreas,
on Donnerstag, 17. Juni 2004 at 21:07 you wrote to amanda-users:
AS> It appears that a change occured in ip_conntrack_amanda.c between AS> 2.6.5-rc1 and rc2 (this change isn't mentioned in the Changelog or I am AS> unable to find it). I don't know what I was thinking when I went from an AS> almost fully modular netfilter setup to a fully static compiled one, AS> obviously I'm back to the modular setup and my backups are workin as AS> long as ip_nat_amanda and ip_conntrack_amanda are not loaded.
AS> I am still under the impression that it's not meant to fail just for
AS> loading support for amanda in netfilter, but I might be wrong. A AS> question that I immedietly thinks of is if the netfilter amanda NAT code
AS> worked earlier/works now or has been working all the time. Apparently it
AS> makes backups on the tapeserver impossible right now, so my guess is
AS> that it isn't working at all, but I don't have any need for it right now
AS> so maybe someone who uses it can verify if it is working at all.
So you had those two modules loaded/compiled-in in all your kernel-configs?
Yes, I have thought about backup up a remote machine so I thought it would be nice to have it available if I would try to set it up.
Does it work now wihout them and with which Kernel-releases?
I've only tested with 2.6.7 actually, but it works.
AS> Anyway here's the diff from 2.6.5-rc1 to 2.6.5-rc2:
AS> --- rc1/linux-2.6.5/net/ipv4/netfilter/ip_conntrack_amanda.c AS> 2004-04-04 05:37:36.000000000 +0200
AS> +++ rc2/linux-2.6.5/net/ipv4/netfilter/ip_conntrack_amanda.c .....
AS> + exp->mask.dst.u.tcp.port = 0xFFFF;
AS> +
.....
At least we have our port-number 65535 here ;-)
Right..
IMHO we shouldn't discuss rc-diffs as the rc-versions don't matter anymore.
I am too less of a kernel-hacker to comment this diff.
Maybe someone who uses it will tell us more.
I think that I should probably report these findings to the lkml but it would be nice to hear if someone who uses these two netfilter "addons" could check wether it works or not. It could be a problem that only occurs in my configuration.
I only see this:
.../Kernel_Sourcen/2.6 # diff -ru ./linux-2.6.4/net/ipv4/netfilter/ip_conntrack_amanda.c ./linux-2.6.5/net/ipv4/netfilter/ip_conntrack_amanda.c .../Kernel_Sourcen/2.6 #
Does using a firewall-module make sense if your AMANDA-server is equal to your AMANDA-client?
No, when I found out that it was something within netfilter that caused it I immedietly knew that it would be the amanda_nat stuff. But I have just marked them as modules now so they are available if I want to try them some more.
I must say that I'm a bit dissapointed that my mail to lkml didn't clear this out in the first place, I have always thought that it was the kernel that made the error, I just didn't realize that compiling netfilter stuff could have a severe impact even if you are not explicitly using it in your iptables config.
Now I know better and I'm back to my netfilter setup of most stuff modular and only the things I know I use is statically compiled.
/Andreas
/Andreas
