On Fri, 3 Sep 1999, Erwann CORVELLEC wrote:
> > The tapeserver DOES have setuid-root on "amcheck" for the backup
> > group. This will not affect, however, the ports that the gateway uses
> > for IP masquerading, which allocates a port > 60,000. Is there any
> > way I can force the gateway to use a port below 1024 (which amanda
> > considers secure) for amcheck connections?
>
> Did you have a look at :
> http://members.home.net/ipmasq/ipmasq-HOWTO-1.77.html
> http://juanjox.kernelnotes.org/
>
> Maybe the solution would be to redirect ports as is done for ICQ here :
> http://members.home.net/ipmasq/ipmasq-HOWTO-1.77-6.html#ss6.10
Nope. Redirection and port forwarding won't work...but... I played
around with the autofw module of the ipmasqadm tool and found this:
"-d <type> <low> <high> specifies a set of ports which will
not use the default high range
(60000+)masquerade port area"
YES! Exactly what I needed (I hoped). So, I took a gamble and
entered this into the gateway machine:
# ipmasqadm autofw -d udp 10080 10080
Then on the tape server:
# amcheck -c DailySet1
The answer:
Client check: 5 hosts checked in 2.136 seconds, 0 problems
found.
YES!!! It worked! After two full days, I've finally got it working!
And such a simple solution. I could change the high to include the
kamanda port, but why? :) *sigh* Anyway, kudos to Juanjo and the
Linux ipmasquerade team! You saved me the headache of installing a
kerberos server (the comments in dgram.c in amanda's source code noted
that the program doesn't care what port it goes over if kerberos is
enabled).
It's now time for a beer!
Later!
^chewie
+----------------------------------------------------+
| Chad Walstrom mailto:[EMAIL PROTECTED] |
| ICQ: 9985127 http://wookimus.net/~chewie |
+----------------------------------------------------+
Need a new truck? Check out my '97 Explorer 2-door
Sport at http://wookimus.net/~chewie/truck.html
