How To:Set Up iptables for Amanda: Difference between revisions
Line 2: | Line 2: | ||
=== Objective === | === Objective === | ||
The purpose of this page is to provide a quick | The purpose of this page is to provide a quick recipe for configuring a firewall using iptables for use with AMANDA. | ||
More detailed information about port usage can be found in the [http://www.amanda.org/docs/portusage.html AMANDA documentation]. | More detailed information about port usage can be found in the [http://www.amanda.org/docs/portusage.html AMANDA documentation]. | ||
Line 55: | Line 55: | ||
=== IP Traffic === | === IP Traffic === | ||
'''Note! The following is probably not correct. Needs to be verified.''' | |||
'''Could somebody with more knowledge of AMANDA please confirm?''' | |||
Traffic is sent between the hosts in the following manner during the backup process. | |||
Waiting state: | Waiting state: | ||
Line 70: | Line 76: | ||
amandad process begins on each client: | amandad process begins on each client: | ||
xHost accepts request on 10080/upd | xHost accepts request on 10080/upd | ||
xHost replies to TSHost on a port in --with-tcpportrange | xHost replies (sendbackup) to TSHost on a port in --with-tcpportrange | ||
Traffic is sent between the hosts in the following manner during recovery. | |||
??? (Need somebody with more knowledge of AMANDA to explain) | |||
Will continue with iptables config once the above is confirmed... |
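Review bot: `10080/upd` in the line "xHost accepts request on 10080/upd" is a typo for `10080/udp` and survives on both sides of this revision; fix it while the neighbouring line is being edited. The added recovery paragraph is only a "???" placeholder, so it would read better under the same "needs to be verified" note as the backup flow than as a statement of its own.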
Revision as of 00:44, 5 December 2005
Configuration with iptables
Objective
The purpose of this page is to provide a quick recipe for configuring a firewall using iptables for use with AMANDA.
More detailed information about port usage can be found in the AMANDA documentation.
Assumptions
We assume the following:
- a tape server host, TSHost, having IP address 192.168.2.2
- TSHost is not directly connected to the Internet
- TSHost is also an AMANDA backup client
- firewall server FWHost with IP address 192.168.2.1
- FWHost is also an AMANDA backup client
- FWHost is accessible from the Internet through IP address 1.2.3.4
- local host LHost with IP address 192.168.2.3
- remote host RHost, accessible via 2.3.4.5
- each host uses iptables
- each host has a basic policy of "deny all incoming" and "accept all outgoing"
Also:
- AMANDA is configured on each host --with-tcpportrange 50000:50100
- AMANDA is configured on each host --with-udpportrange 700:710
           +---------+
           |  RHost  |
           | 2.3.4.5 |
           +---------+
                |
                |
                |
          +-----------+
          |  FWHost   |
          |  1.2.3.4  |
          |192.168.2.1|
          +-----------+
             /     \
            /       \
           /         \
 +-----------+   +-----------+
 |   LHost   |   |  TSHost   |
 |192.168.2.3|   |192.168.2.2|
 +-----------+   +-----------+
Services Used
- AMANDA tape server host: amandaidx (10082/tcp), amandatape (10083/tcp)
- AMANDA client: amandad (10080/udp)
The port numbers here are the ports that these services are listening on.
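The listening ports above translate into inbound rules as follows. This is an added example, not part of the original page or of AMANDA: it prints iptables commands for the two roles under the page's "deny all incoming, accept all outgoing" policy. The function name, the per-client source restrictions and the RHost comment are assumptions. Rules for the --with-tcpportrange data ports are left out because the page marks that traffic flow as unverified.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the
# listening services named on this page. Review before running as root.

TSHOST=192.168.2.2                 # tape server address, from the page
CLIENTS="192.168.2.1 192.168.2.3"  # FWHost and LHost, from the page
# Assumption: on RHost, set TSHOST to the address requests arrive from
# (1.2.3.4 if FWHost rewrites the source address).

# amanda_listen_rules ROLE   (ROLE is "client" or "tapeserver")
amanda_listen_rules() {
    role=$1
    case $role in
        client|tapeserver) ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac

    # Page policy: deny all incoming, accept all outgoing.
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # TSHost backs itself up via localhost, so loopback stays open.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Return traffic for connections this host opened itself.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    if [ "$role" = client ]; then
        # amandad: only the tape server may reach 10080/udp.
        echo "iptables -A INPUT -p udp -s $TSHOST --dport 10080 -j ACCEPT"
    else
        # amandaidx (10082/tcp) and amandatape (10083/tcp):
        # one rule per known client instead of a blanket accept.
        for c in $CLIENTS; do
            echo "iptables -A INPUT -p tcp -s $c -m multiport --dports 10082,10083 -j ACCEPT"
        done
    fi
}
```

Call `amanda_listen_rules client` or `amanda_listen_rules tapeserver` to see the commands for that role. TSHost is both a tape server and a client of itself; its own 10080/udp request arrives over loopback and is covered by the `lo` rule.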
IP Traffic
Note! The following is probably not correct. Needs to be verified. Could somebody with more knowledge of AMANDA please confirm?
Traffic is sent between the hosts in the following manner during the backup process.
 Waiting state:
   RHost listens on 10080/udp
   FWHost listens on 10080/udp
   LHost listens on 10080/udp
   TSHost listens on 10080/udp

 amdump process begins:
   TSHost sends request to RHost on port 10080/udp (via FWHost)
   TSHost sends request to FWHost on port 10080/udp
   TSHost sends request to LHost on port 10080/udp
   TSHost sends request to localhost on port 10080/udp

 amandad process begins on each client:
   xHost accepts request on 10080/udp
   xHost replies (sendbackup) to TSHost on a port in --with-tcpportrange
Traffic is sent between the hosts in the following manner during recovery.
??? (Need somebody with more knowledge of AMANDA to explain)
Will continue with iptables config once the above is confirmed...