Jeff, Yeah, I have included these ports for the rules set for connectivity to our NetBackup server.
I also allow access to the range of ports from 512 to 1024 as the range of "random" ports required by netbackup: Veritas NetBackup Server - juniper0.ssd.census.gov # - 4 ports from /etc/services pass in log quick on eri0 proto tcp from x.x.x.x to loghost port = 13720 fl ags S keep state pass in log quick on eri0 proto tcp from x.x.x.x to loghost port = 13722 fl ags S keep state pass in log quick on eri0 proto tcp from x.x.x.x to loghost port = 13782 fl ags S keep state pass in log quick on eri0 proto tcp from x.x.x.x to loghost port = 13783 fl ags S keep state # 2003 January 23 - jthomas # Added -- Having socket failures with backup. pass in log quick on eri0 proto tcp from x.x.x.x to loghost port = 13724 fl ags S keep state # - range of ports selected randomly by NetBackup server pass in log quick on eri0 proto tcp from x.x.x.x to loghost port 512 >< 1024 flags S keep state The problem is that when the box has ipfilter enabled with this configuration,the NetBackup Administrators report that the full backups are failing due to socket timeout errors. I'm resolved to believe that it's a problem with IPFilter because full backups are able to complete when packet filtering is turned off. Since we already have firewalling on our networks, I could just open up all ports to the Netbackup server, but I really would like to get this thing right. Any more suggestions? John
