I'm using bsd auth everywhere in my environment, and I'm successfully backing up machines on public IPs from my amanda server inside our NAT firewall. I put the name/ip of the NAT firewall itself into my client's .amandahosts file, not the name of the Amanda server. Theoretically, anyone inside my company firewall could create a bogus amanda server and back up that public machine, but I'm living with that risk for now.

The main thing I usually forget to check is that the client may have iptables or ufw running that may be blocking Amanda, especially if you aren't loading the kernel module for ip_conntrack_amanda or nf_conntrack_amanda in the firewall's conf file. Just having rules for 10080 isn't enough, you need the conntrack module also; otherwise amcheck will pass but amdump will fail to send any data from the client.

>> At the moment, I'm still getting "selfcheck request failed: EOF on read".

Doesn't that mean the Amanda server is failing to talk to itself? The last time I saw that, I'd fatfingered the line in /etc/inetd.conf for the Amanda service itself, on the backup server. Amanda packages all assume you're using bsdtcp so they set up the thing to use '... stream tcp' by default, so you have to change that back to 'dgram udp' and fix the auth=bsdtcp to auth=bsd in the parameters.

I haven't tried using the ssh stuff.

--
Joi Owen
System Administrator
Pavlov Media, Inc

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jean-Louis Martineau
Sent: Thursday, August 07, 2014 5:03 PM
To: Debra S Baddorf
Cc: Chris Hoogendyk; AMANDA users
Subject: Re: Amanda 3.3.6 server going through NAT to 2.5.3 client?

bsd auth will not work if the server is behind a NAT.
bsdtcp auth should work.

On 08/07/2014 05:46 PM, Debra S Baddorf wrote:
> I'm at v3.3.3 on my server and have a couple of clients at 2.5.0p2. They
> work fine, with auth=bsd. I haven't tried auth=ssh.
>
> Deb Baddorf
>
>
> On Aug 7, 2014, at 3:51 PM, Chris Hoogendyk <[email protected]> wrote:
>
>> I've been having a bit of trouble adding a client today and just wanted to
>> get a reality check before I bang my head too much.
>>
>> My new server with Amanda 3.3.6 is temporarily on a private address inside
>> our department NAT. I was just trying today to add a 2.5.3 client that is in
>> another department on a public address. I can ssh to it, and I am using
>> auth=ssh. I've got the keys set up. One thing I noticed is that the key was
>> specifying /usr/local/libexec/amandad, but the newer Amanda was calling for
>> /usr/local/libexec/amanda/amandad. I tried working around that by creating
>> the directory on the client and symlinking all the executables into the
>> directory. After that, I at least was getting debug files on the client
>> (before it had been nothing).
>>
>> Am I going to be able to get this working? Or is it an insurmountable
>> problem to be on a private address behind the NAT?
>>
>> It seems from http://wiki.zmanda.com/man/amanda-compatibility.7.html that
>> the versions ought not to be an issue, but I don't know what other things
>> besides the amanda directory in libexec might be getting tangled up between
>> the older Amanda and the newest Amanda.
>>
>> At the moment, I'm still getting "selfcheck request failed: EOF on read".
>>
>> --
>> ---------------
>>
>> Chris Hoogendyk
>>
>> -
>>    O__  ---- Systems Administrator
>>   c/ /'_ --- Biology & Geology Departments
>>  (*) \(*) -- 347 Morrill Science Center
>> ~~~~~~~~~~ - University of Massachusetts, Amherst
>>
>> <[email protected]>
>>
>> ---------------
>>
>> Erdös 4
>>
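
The inetd.conf mismatch described in the reply above (a packaged 'stream tcp' entry left in place while the arguments say auth=bsd, or the reverse) can be checked mechanically. This shell function is an added example, not part of the original thread; the sample line's user name and service argument are constructed, and only the bsd and bsdtcp pairings named in the message are checked.

```shell
#!/bin/sh
# Added example: verify that the amanda entry in an inetd.conf-style file pairs
# the socket type/protocol with the matching amandad -auth= value:
#   -auth=bsd    -> dgram  udp
#   -auth=bsdtcp -> stream tcp
# Exit status: 0 = consistent, 1 = mismatch found, 2 = no amanda entry in file.
check_amanda_inetd() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }       # skip comments and incomplete lines
        $1 != "amanda"      { next }       # only the amanda service entry
        {
            seen = 1; auth = ""
            # fields: service type proto wait user program argv0 args...
            for (i = 7; i <= NF; i++)
                if ($i ~ /^-auth=/) auth = substr($i, 7)
            want = ""                      # other auth values are not judged
            if (auth == "bsd")    want = "dgram udp"
            if (auth == "bsdtcp") want = "stream tcp"
            have = $2 " " $3
            if (want != "" && have != want) {
                printf "line %d: auth=%s expects \"%s\", found \"%s\"\n", NR, auth, want, have
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: transport left at the packaged default after switching
# the argument to auth=bsd (user "backup" and service "amdump" are made up here).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed inetd.conf fragment
amanda stream tcp nowait backup /usr/local/libexec/amanda/amandad amandad -auth=bsd amdump
EOF
check_amanda_inetd "$sample" || echo "check_amanda_inetd exit status: $?"
rm -f "$sample"
```

Run it against /etc/inetd.conf on both the backup server and the client, since a mismatch on either side breaks the request.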
