Re: Help: Amanda over IPChains
On Thu, 2 Sep 1999, ^chewie wrote:
..[snip]..
> extinok chain: client
> ---------------------
> ipchains -A extinok -p udp -s <gateway> amanda \
> -d <client> amanda -j ACCEPT
This I did wrong. I needed the source portion of the chain to say
gateway w/o a port, or ports between 600:1023. Not sure why these
ports are used, though.
...[snip]...
> Auto masquerade forwarding: Gateway
> -----------------------------------
> ipmasqadm autofw -r udp amanda amanda
This also needed to be removed. That is why the 0.0.0.0 ->
<tapeserver> was showing up. Plus it was disabling those udp ports on
the gateway machine so that it couldn't be backed up by the amanda
client.
Now, I'm faced with another problem. Amanda won't back up the
webserver over the gateway because:
"ERROR: yoda.ltiflex.com: [host mail.ltiflex.com: port 62733 not
secure]"
Now, this has to deal with the high ports that Linux uses for
masquerading. This question goes to the Amanda users: will enabling
kerberos amanda resolve this error? If not, this goes to the
ipchains-masquerading gurus, how can I make this masquerade "secure".
Should I look into doing an ssh-pipe of some kind? VPN? (Wouldn't
that be a little overboard?)
Looking forward to your comments.
Later!
^chewie
+----------------------------------------------------+
| Chad Walstrom mailto:chewie@wookimus.net |
| ICQ: 9985127 http://wookimus.net/~chewie |
+----------------------------------------------------+
Need a new truck? Check out my '97 Explorer 2-door
Sport at http://wookimus.net/~chewie/truck.html
Reply to: