Jean-Louis,
Yes, the ability to hit the socket makes sense, especially as
amcheck is ok and amdump, which uses many more network resources,
does not.
I'm not seeing the failures I'd expect to see, which may simply
mean I don't actually know what I'm looking for.
The failure "bad security" is confusing to me in terms of the
networking.
I've already been over the sockets on the new client with the
manager of that system, but will do so again on Monday morning.
[root@stackb ~]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- 199.184.30.0/24 anywhere udp dpt:mysql
ACCEPT udp -- curieb.wadsworth.org anywhere udp spts:932:948
dpt:amanda
ACCEPT tcp -- curieb.wadsworth.org anywhere tcp
spts:10084:itap-ddtp dpts:10084:itap-ddtp
ACCEPT udp -- curie.wadsworth.org anywhere udp spts:932:948
dpt:amanda
ACCEPT tcp -- curie.wadsworth.org anywhere tcp
spts:10084:itap-ddtp dpts:10084:itap-ddtp
ACCEPT tcp -- 199.184.30.0/24 anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ssh
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
In the mean time, just for reference, I cleaned out the server's
files under /tmp/amanda and then ran amdump against the one client.
> amdump curie labsci-stage
I am attaching the /tmp/amanda tree as a tar file. Just so its
not lost if we need to refer back to it later on.
thank you/good weekend,
Brian
On Fri, Apr 12, 2013 at 01:28:02PM -0700, Jean-Louis Martineau wrote:
> On 04/12/2013 11:52 AM, Brian Cuttler wrote:
> >
> >amandad: try_socksize: send buffer size is 65536
> >amandad: try_socksize: receive buffer size is 65536
> >amandad: time 3.128: bind_portrange2: trying port=831
> >amandad: time 3.129: stream_server: waiting for connection: 0.0.0.0.36507
> >amandad: try_socksize: send buffer size is 65536
> >amandad: try_socksize: receive buffer size is 65536
> >amandad: time 3.136: bind_portrange2: trying port=831
> >amandad: time 3.136: stream_server: waiting for connection: 0.0.0.0.38560
> >amandad: try_socksize: send buffer size is 65536
> >amandad: try_socksize: receive buffer size is 65536
> >amandad: time 3.143: bind_portrange2: trying port=831
> >amandad: time 3.144: stream_server: waiting for connection: 0.0.0.0.49357
> >amandad: time 3.144: sending REP pkt:
> ><<<<<
> >CONNECT DATA 36507 MESG 38560 INDEX 49357
> >OPTIONS features=fffffeff9ffeffff07;
>
> The server should connect to these ports, check the server dumper debug
> files, try to disable firewall and selinux.
>
> Jean-Louis
>
---
Brian R Cuttler [email protected]
Computer Systems Support (v) 518 486-1697
Wadsworth Center (f) 518 473-6384
NYS Department of Health Help Desk 518 473-0773
