Brian Cuttler wrote, On 3/24/2009 7:42 AM:
Jean-Louis,On Tue, Mar 24, 2009 at 10:37:22AM -0400, Jean-Louis Martineau wrote:Hi,Server use tcp port between 10084 and 10100 to connect to client trel.wadsworth.org on port 56446.It looks good.Do you have firewall on server or client? Disable them while you test amanda.Can you post server and client debug files?We've opened the ports that we expected to use on the client, the server is not running a FW. I'd thought that the amanda TCP ports where well known and had assumed it was the dump on the client that was choosing a upd port that the server was not listening to because of --with-udpportrange=932,948. We will disable FW on the MAC for further testing, but I know that there is a preference to keep it running. Are the ports predictable so that we can at least somewhat restrict the range ?
I believe the ports *are* predictable to an extent, Jean-Louis. I've successfully configured a FreeBSD Amanda server to backup another FreeBSD server running a firewall in the past.
I used: <http://wiki.zmanda.com/index.php/Configuration_with_iptables#IP_Traffic> and <http://wiki.zmanda.com/index.php/TCP/UDP_ports> for guidance. -- Glenn Gillis Information Technology Manager Environmental Law Alliance Worldwide U.S. Office http://www.elaw.org
BK - please disable FW, at least for testing, let me know when does and I'll initiate amdump. thank you, BrianJean-Louis Brian Cuttler wrote:I am running Amanda 2.6.1-20090227 on Solaris 10 with ZFS and snapshots !! to an LTO4 in a SL24 jukebox.I'm trying to add some remote clients, starting with the one that gives me the most trouble. Moving the MAC with 300 Gig of storage to the x4500 amanda platform with the Gig interface and off of the SF280 with the 100 Meg interface and the LTO3... However we find the following error on the server FAILURE DUMP SUMMARY:trel / lev 0 FAILED [too many dumper retry: "[could not connect DATA stream: can't connect stream to trel.wadsworth.org port 56446: Connection timed out]"]We did build the server with port restrictions, because that is the way we are going. --with-udpportrange=932,948 --with-tcpportrange=10084,10100 We seem to have build the amand client on the MAC without port restrictions, the client is 2.4.5p1. Is there any magic, short of a client rebuild to resolve the error ? I am on the correct path ? My mac expert is hoping he doesn't have to relearn how to rebuild, or is there a current MAC build with port restriction in use available ? thank you, Brian --- Brian R Cuttler [email protected] Computer Systems Support (v) 518 486-1697 Wadsworth Center (f) 518 473-6384 NYS Department of Health Help Desk 518 473-0773 IMPORTANT NOTICE: This e-mail and any attachments may contain confidential or sensitive information which is, or may be, legally privileged or otherwise protected by law from further disclosure. It is intended only for the addressee. If you received this in error or>from someone who was not authorized to send it to you, please do notdistribute, copy or use it or any attachments. Please notify the sender immediately by reply e-mail and delete this from your system. Thank you for your cooperation.--- Brian R Cuttler [email protected] Computer Systems Support (v) 518 486-1697 Wadsworth Center (f) 518 473-6384 NYS Department of Health Help Desk 518 473-0773 IMPORTANT NOTICE: This e-mail and any attachments may contain confidential or sensitive information which is, or may be, legally privileged or otherwise protected by law from further disclosure. It is intended only for the addressee. If you received this in error or from someone who was not authorized to send it to you, please do not distribute, copy or use it or any attachments. Please notify the sender immediately by reply e-mail and delete this from your system. Thank you for your cooperation.
smime.p7s
Description: S/MIME Cryptographic Signature
