[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Amanda Error via IPMasq...

On Fri, 3 Sep 1999, Erwann CORVELLEC wrote:

> > The tapeserver DOES have setuid-root on "amcheck" for the backup
> > group.  This will not affect, however, the ports that the gateway uses
> > for IP masquerading, which allocates a port > 60,000.  Is there any
> > way I can force the gateway to use a port below 1024 (which amanda
> > considers secure) for amcheck connections?
>   Did you have a look at :
> http://members.home.net/ipmasq/ipmasq-HOWTO-1.77.html
> http://juanjox.kernelnotes.org/
>   Maybe the solution would be to redirect ports as is done for ICQ here :
> http://members.home.net/ipmasq/ipmasq-HOWTO-1.77-6.html#ss6.10

Nope.  Redirection and port forwarding won't work...but...  I played
around with the autofw module of the ipmasqadm tool and found this:

   "-d <type> <low> <high>      specifies a set of ports which will
				not use the default high range 
				(60000+)masquerade port area"

YES!  Exactly what I needed (I hoped).  So, I took a gamble and
entered this into the gateway machine:

	# ipmasqadm autofw -d udp 10080 10080

Then on the tape server:

	# amcheck -c DailySet1

The answer:

	Client check: 5 hosts checked in 2.136 seconds, 0 problems

YES!!!  It worked!  After two full days, I've finally got it working!
And such a simple solution.  I could change the high to include the
kamanda port, but why? :)  *sigh* Anyway, kudos to Juanjo and the
Linux ipmasquerade team!  You saved me the headache of installing a
kerberos server (the comments in dgram.c in amanda's source code noted
that the program doesn't care what port it goes over if kerberos is

It's now time for a beer!



| Chad Walstrom           mailto:chewie@wookimus.net | 
| ICQ: 9985127           http://wookimus.net/~chewie |
 Need a new truck?  Check out my '97 Explorer 2-door
   Sport at http://wookimus.net/~chewie/truck.html

Reply to: