Changes made and backup done this morning, no problems. The client has only 10080 TCP/UDP ports open.

Thanks a lot,
Charles

On Wed, 18 Jul 2007 10:51:21 -0400
Jean-Louis Martineau <[EMAIL PROTECTED]> wrote:

> Since you are using amanda-2.5.2p1, I suggest you use the bsdtcp auth.
> It will require no firewall rules.
> Ports 10082 and 10083 are not used in 2.5.2 and above; your server needs
> them only if you have an older client (amrecover).
>
> To use bsdtcp auth:
>  - change your dumptype to have: auth "bsdtcp"
>  - change your amanda xinetd configuration:
>         socket_type = stream
>         protocol    = tcp
>         wait        = no
>         server_args = -auth=bsdtcp amdump amindexd amidxtaped
>
> Jean-Louis
>
> Marc Muehlfeld wrote:
> > Hi,
> >
> > Charles Stroom wrote:
> > > amcheck reports no problem.
> >
> > amcheck doesn't use the full source/destination port range like
> > amdump.
> >
> > > On the client, I have opened TCP/UDP port 10080, and TCP
> > > ports 10082 and 10083, because I seem to have seen something like
> > > that when googling.
> >
> > You need only 10080 on the client. 10082 (amandaidx) and 10083
> > (amidxtape) you have on your index-/tapeserver.
> >
> > But also the server connects to different ports. You can limit this
> > for a better and tighter firewall configuration when you set
> > --with-portrange and --with-udpportrange at configure. I used
> >
> > ./configure ..... --with-portrange=50000,50150 --with-udpportrange=850,900
> >
> > And on an iptables-protected machine you have to set it like this:
> >
> > $IPTABLES -A INPUT --match state --state NEW --in-interface $LAN_DEV \
> >   --source $BAKSERV --destination $LAN_IP --protocol udp --sport 850:900 \
> >   --dport 10080 --jump ACCEPT
> >
> > $IPTABLES -A INPUT --match state --state NEW --in-interface $LAN_DEV \
> >   --source $BAKSERV --destination $LAN_IP --protocol tcp --syn \
> >   --sport 50000:50150 --dport $PORTS_UNPRIV --jump ACCEPT
> >
> > $IPTABLES -A INPUT --match state --state NEW --in-interface $LAN_DEV \
> >   --source $BAKSERV --destination $LAN_IP --protocol tcp --syn \
> >   --sport $PORTS_UNPRIV --dport 50000:50150 --jump ACCEPT
> >
> > Just replace the variables with your settings/variables.
> >
> > A different way is to use the specific netfilter modules for
> > handling amanda's connections (ip_conntrack_amanda, ip_nat_amanda).
> >
> > Regards
> > Marc

--
Charles Stroom
email: charles at no-spam.stremen.xs4all.nl (remove the "no-spam.")
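
The four xinetd settings listed for bsdtcp in the thread have to change together, which can be checked before xinetd is reloaded. The following is an added example, not part of the thread or of Amanda: the function name check_amanda_xinetd is hypothetical, both sample stanzas (including the dgram/udp/yes starting values) are constructed, and it assumes one service stanza per file.

```shell
# Added example: check an xinetd stanza against the bsdtcp settings quoted in
# the thread. Assumes one service stanza per file (e.g. a file under xinetd.d).
check_amanda_xinetd() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ { next }                   # skip comment lines
    {
        eq = index($0, "=")
        if (eq == 0) next                 # braces, service line, blanks
        seen[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        want["socket_type"] = "stream"; want["protocol"] = "tcp"; want["wait"] = "no"
        bad = 0
        for (k in want)
            if (seen[k] != want[k]) {
                printf "MISMATCH %s: have \"%s\", want \"%s\"\n", k, seen[k], want[k]
                bad = 1
            }
        # -auth=bsdtcp must be a whole word, so "-auth=bsd" does not pass
        if (seen["server_args"] !~ /(^|[ \t])-auth=bsdtcp([ \t]|$)/) {
            printf "MISMATCH server_args: \"%s\" lacks -auth=bsdtcp\n", seen["server_args"]
            bad = 1
        }
        exit bad
    }' "$1"
}
# Constructed sample stanzas: a UDP-style one and one with the values from the thread.
tmp=$(mktemp -d)
cat > "$tmp/udp_style" <<'EOF'
service amanda
{
    socket_type = dgram
    protocol    = udp
    wait        = yes
    server_args = -auth=bsd amdump amindexd amidxtaped
}
EOF
cat > "$tmp/bsdtcp_style" <<'EOF'
service amanda
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    server_args = -auth=bsdtcp amdump amindexd amidxtaped
}
EOF
check_amanda_xinetd "$tmp/udp_style" || echo "udp_style: not ready for bsdtcp"
check_amanda_xinetd "$tmp/bsdtcp_style" && echo "bsdtcp_style: OK"
```

The function returns 0 only when all four settings match, so it can gate a reload of xinetd in a deployment script.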