[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help: Amanda over IPChains

On Thu, 2 Sep 1999, ^chewie wrote:


> extinok chain: client
> ---------------------
> ipchains -A extinok -p udp -s <gateway> amanda \
> 	-d <client> amanda -j ACCEPT

This I did wrong.  I needed the source portion of the chain to say
gateway w/o a port, or ports between 600:1023.  Not sure why these
ports are used, though.

> Auto masquerade forwarding: Gateway
> -----------------------------------
> ipmasqadm autofw -r udp amanda amanda

This also needed to be removed.  That is why the ->
<tapeserver> was showing up.  Plus it was disabling those udp ports on
the gateway machine so that it couldn't be backed up by the amanda

Now, I'm faced with another problem.  Amanda won't back up the
webserver over the gateway because:

"ERROR: yoda.ltiflex.com: [host mail.ltiflex.com: port 62733 not

Now, this has to deal with the high ports that Linux uses for
masquerading.  This question goes to the Amanda users: will enabling
kerberos amanda resolve this error?  If not, this goes to the
ipchains-masquerading gurus, how can I make this masquerade "secure".
Should I look into doing an ssh-pipe of some kind?  VPN?  (Wouldn't
that be a little overboard?)

Looking forward to your comments.



| Chad Walstrom           mailto:chewie@wookimus.net | 
| ICQ: 9985127           http://wookimus.net/~chewie |
 Need a new truck?  Check out my '97 Explorer 2-door
   Sport at http://wookimus.net/~chewie/truck.html

Reply to: