Hi! I have an Amanda Server running behind a Check Point Firewall (R75.20). Connections to the Internet are natted behind the firewall's external IP address thus the source port as well as the source ip address is translated. The Amanda client (3.2.1) runs on a machine directly connected to the Internet (no NAT).
When checking the next backup with amcheck, I get the following error message: ERROR: NAK <amanda-client>: host <firewall>: port 27271 not secure There is a kernel parameter for Check Point firewall, affecting the behavior for NAT of UDP privileged source ports. As default, Check Point (should) translate(s) the source port to a privileged port if the original source port was a privileged port: fwx_udp_hide_high: When not "0", a UDP connection from this (low) port will be hidden behind high port (10000+) instead of low ports (600-1023). As this parameter is default 0 (as well as on my firewall), the connection should be natted as described above, but it isn't. The source port is always a high port >10000. Anyway, how can I achieve, that Amanda accepts such translated connections (xlated to high ports)? Thank you! Regards, Thomas
