Hi,

23.06.2009 17:04, Dirk Bartley wrote:
> Sure, iptables allows for connection based rules as well as the old
> ipchains style rules based rules.
>
> So you're probably using connection based rules like:
> iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
>
> just add something like
>
> iptables -A INPUT -p tcp --source fd_dmz_ipaddress --destination sd_internal_address --dport 9103 -j ACCEPT

Yup. That should work.

But back to your problem, Dirk: Have you tried the "heartbeat interval"
setting? That should generate some traffic so that the pix doesn't
time-out the seemingly stale connection.

Arno

> Or something to that effect. This just accepts without considering
> whether a connection has been established. At least that's my
> understanding of it, I've been less than perfect before though.
>
> Dirk
>
> On Tue, 2009-06-23 at 10:20 -0400, Matthew Komar wrote:
>> I'm having a similar issue with a machine that is behind a pfSense
>> firewall (which is iptables based). Do you have a quick fix for me?
>>
>> Dirk Bartley wrote:
>>> Greetings
>>>
>>> Moved a machine into a dmz behind a pix515e firewall. Created a rule to
>>> allow the fd to connect to the sd and it seems to work, except for one
>>> little peculiarity on a larger backup job.
>>>
>>> On a server that backs up about 60GB, it fails at the very tail end of
>>> the backup. The firewall log is showing that it is tearing down the tcp
>>> connection due to a TCP Reset-I then denying the connection a bit later.
>>>
>>> I'm not finding much I can do in the firewall to solve the issue. I was
>>> contemplating putting a direct connection cable between the fd and the sd
>>> to solve this. (Darn cisco, if this firewall was iptables, a solution
>>> would be easy)
>>>
>>> Anybody have any other ideas??
>>>
>>> Thanks in advance for any assistance.
>>>
>>> Dirk

-- 
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
www.its-lehmann.de

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users