--On Wednesday, September 15, 2004 15:28:21 -0400 KEVIN ZEMBOWER <[EMAIL PROTECTED]> wrote:

> The discussion's petered out on my request for which ports to ask the firewall
> administrator to open to allow amanda to work through our firewall, but I'm still
> hoping for an answer, as I still can't come up with one myself. There was one
> comment that
> ports 10080-10083 are fixed, no matter what --with-???portrange switches are used.
> Is this fact or fiction?

I think fact. Those are the ones listed in /etc/services.

> In the spirit of re-phrasing the question, can anyone help me complete the following
> sentence to my firewall administrator:
> Please open port numbers ____ through ____ for [UDP|TCP|both] packets [from|to] my
> tapehost (inside fw) [to|from] my client(s).
>
> That sentence may have to be completed more than once for each different range,
> protocol or direction.

Usually, when discussion dies down without a clear answer it means nobody
is really sure of the exact answer, although I think someone gave you a
very good description of the backup process port usage. I've got firewall
rules that work (for me), but they may be allowing more than absolutely
necessary (i.e., some ports open bidirectionally when they only need to be
open one direction with the 'established allow' rule covering the response
packets).

In the interest of science (and my own curiosity) I've set up a packet
capture on one of my VPN boxes to log network traffic between one of my
tape servers and a remote client tonight. Since the two servers don't
normally talk with each other except for the backup, tomorrow I should be
able to see the exact sequence of events, and since that client is a very
small backup (/etc and /vaar/spool/cron/crontabs) it shouldn't be a huge
mass to wade through. I'll let you know tomorrow what I discover.

Frank

>
> Thanks, again, for any help.
>
> -Kevin
>
> -----
> E. Kevin Zembower
> Internet Systems Group manager
> Johns Hopkins University
> Bloomberg School of Public Health
> Center for Communications Programs
> 111 Market Place, Suite 310
> Baltimore, MD 21202
> 410-659-6139
>

--
Frank Smith                  [EMAIL PROTECTED]
Sr. Systems Administrator    Voice: 512-374-4673
Hoover's Online              Fax: 512-374-4501
