Yup. First of all, i'm really hoping to find the time to write an iptables module that handles Amanda, but i haven't gotten to that yet. In the meantime, i can help You.

I've forgotten when the two options were introduced, but the configure script takes the options --with-portrange and --with-udpportrange. I would suggest that You move to Amanda 2.4.3b3 (available at the SourceForge project page for Amanda: http://sourceforge.net/projects/amanda/) -- it's an easy upgrade, appears to do better with the firewalling port ranges (gives better error messages), and i have been using it for months with no complaints.

To get back to the question, if i say --with-portrange=1900-1910 (i believe these must be >1024) and --with-udpportrange=900-910 (i believe these must be <1024), then i need the following rules (the amanda service is in /etc/services):

    -p udp -s backupserver --sport 900:910 -d client --dport amanda
    -p tcp -s backupserver --sport 1024: -d client --dport 1900:1910
    -p tcp -s client -d backupserver --dport 10082:10083
That last rule is for restores. (I'm not sure i've ever tested that part.)

The initial communication for runtime estimation purposes takes place over UDP (it's the first line above), and this typically takes a long time, so running into timeouts for stateful UDP (-m state --state NEW) is common. I've found the following rule helpful for that purpose:

    -p udp -s client --sport amanda -d backupserver --dport 900:910

Hope this solves Your problems!

-&

[EMAIL PROTECTED] wrote:
> amdump (amanda 2.4.2) appears to use specified ports (such as 10080,
> 10081, 10082, and 10083). BUT then the actual transfer of data seems
> to go over another port. these ports don't appear to be fixed and
> range quite a bit (different every time).

--
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.
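
The rule fragments from this message written out as complete commands, as an added example that is not part of the original mail. It only prints the commands; the FORWARD chain (a firewall sitting between the two hosts), the ACCEPT target and the function names `valid_range` and `amanda_rules` are assumptions, and the range checks encode the limits the message states.

```shell
#!/bin/sh
# Added example: print (never apply) iptables commands for the Amanda
# port ranges chosen at configure time.
# Assumptions: FORWARD chain, ACCEPT target, "amanda" is in /etc/services.

# valid_range LO HI MIN MAX: succeeds when MIN <= LO <= HI <= MAX
valid_range() {
    for n in "$1" "$2"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac   # digits only
    done
    [ "$1" -ge "$3" ] && [ "$1" -le "$2" ] && [ "$2" -le "$4" ]
}

# amanda_rules SERVER CLIENT UDP_LO UDP_HI TCP_LO TCP_HI
amanda_rules() {
    srv=$1 cli=$2 ulo=$3 uhi=$4 tlo=$5 thi=$6
    # Limits as stated in the message: UDP range <1024, TCP range >1024.
    valid_range "$ulo" "$uhi" 1 1023 ||
        { echo "UDP range $ulo-$uhi must lie below 1024" >&2; return 1; }
    valid_range "$tlo" "$thi" 1025 65535 ||
        { echo "TCP range $tlo-$thi must lie above 1024" >&2; return 1; }
    add="iptables -A FORWARD"
    # Server to the amanda service on the client (estimate phase, UDP)
    echo "$add -p udp -s $srv --sport $ulo:$uhi -d $cli --dport amanda -j ACCEPT"
    # Replies, allowed explicitly because estimates can outlast UDP state timeouts
    echo "$add -p udp -s $cli --sport amanda -d $srv --dport $ulo:$uhi -j ACCEPT"
    # Server to the client's --with-portrange TCP ports
    echo "$add -p tcp -s $srv --sport 1024: -d $cli --dport $tlo:$thi -j ACCEPT"
    # Restores: client to the server
    echo "$add -p tcp -s $cli -d $srv --dport 10082:10083 -j ACCEPT"
}

# Values from the message: --with-udpportrange=900-910, --with-portrange=1900-1910
amanda_rules backupserver client 900 910 1900 1910
```

A range that breaks the stated limits (for example a UDP range of 2000-2010) makes the function print an error and emit no rules, so a mismatch between the configure options and the firewall shows up before anything is loaded.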