On Thu, Jul 1, 2010 at 1:07 PM, McGraw, Robert P <[email protected]> wrote: > I want to set the unreserved-tcp-port range to a smaller subset.
I'd first ask, "why"? This parameter was added so that people could not open as many ports in their firewall, but if you think about it, that's like closing your front door a little bit more, but not latching it - it doesn't increase security at all. > Q1) How do I calculate the max number of ports that I will need? Each concurrent dump will use three ports, I think.. > Q2) If I set unreserved-tcp-port to something like 48050-48XXX does this > affect the /etc/service "amanda 10080/tcp" port? From my reading it sounds > like unreserved-tcp-port is for communication with the chunker/taper > processes. No, the connection process is that the server connects from a low port to port 10080 on the client. After some protocol negotiation, the client opens up 3 additional high ports per dump, and the server connects to those. Dustin -- Open Source Storage Engineer http://www.zmanda.com
