How To:Set Up iptables for Amanda: Difference between revisions
Revision as of 03:54, 2 December 2005
Configuration with iptables
Objective
The purpose of this page is to provide a quick recipe for configuring a firewall using iptables for use with AMANDA.
More detailed information about port usage can be found in the AMANDA documentation.
Assumptions
We assume the following:
- a tape server host, TSHost, having IP address 192.168.2.2
- TSHost is not directly connected to the Internet
- TSHost is also an AMANDA backup client
- firewall server FWHost with IP address 192.168.2.1
- FWHost is also an AMANDA backup client
- FWHost is accessible from the Internet through IP address 1.2.3.4
- local host LHost with IP address 192.168.2.3
- remote host RHost, accessible via 2.3.4.5
- each host uses iptables
- each host has a basic policy of "deny all incoming" and "accept all outgoing"
Also:
- AMANDA is configured on each host with --with-tcpportrange and --with-udpportrange
         +---------+
         |  RHost  |
         | 2.3.4.5 |
         +---------+
              |
              |
              |
        +-----------+
        |  FWHost   |
        |  1.2.3.4  |
        |192.168.2.1|
        +-----------+
           /     \
          /       \
         /         \
+-----------+   +-----------+
|   LHost   |   |  TSHost   |
|192.168.2.3|   |192.168.2.2|
+-----------+   +-----------+
Services Used
- AMANDA tape server host: amandaidx (10082/tcp), amandatape (10083/tcp)
- AMANDA client: amandad (10080/udp)
The port numbers here are the ports that these services are listening on.
IP Traffic
Waiting state:
  RHost listens on 10080/udp
  FWHost listens on 10080/udp
  LHost listens on 10080/udp
  TSHost listens on 10080/udp
amdump process begins:
  TSHost sends request to RHost on port 10080/udp (via FWHost)
  TSHost sends request to FWHost on port 10080/udp
  TSHost sends request to LHost on port 10080/udp
  TSHost sends request to localhost on port 10080/udp
amandad process begins on each client:
  xHost accepts request on 10080/udp
  xHost replies to TSHost on a port in --with-tcpportrange
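The listening services and the request phase above, turned into per-host INPUT rules for the "deny all incoming" policy. This is an added example, not part of the original page; the helper name amanda_input_rules is hypothetical. It assumes FWHost source-NATs TSHost's traffic to 1.2.3.4 on the way to RHost, and it leaves out the reply ports because the page gives no values for --with-tcpportrange and --with-udpportrange.

```shell
#!/bin/sh
# Added example: prints (does not apply) the INPUT rules each host needs
# for the services and the request phase listed on this page.
TSHOST=192.168.2.2          # tape server (from the page)
FWHOST_EXT=1.2.3.4          # FWHost's Internet-facing address (from the page)
LAN_CLIENTS="192.168.2.1 192.168.2.3"   # FWHost and LHost (from the page)

# amanda_input_rules is a hypothetical helper name, not an AMANDA tool.
amanda_input_rules() {
    host=$1
    case "$host" in
        RHost)
            # Assumption: FWHost source-NATs TSHost, so RHost sees 1.2.3.4.
            echo "iptables -A INPUT -p udp -s $FWHOST_EXT --dport 10080 -j ACCEPT" ;;
        FWHost|LHost)
            echo "iptables -A INPUT -p udp -s $TSHOST --dport 10080 -j ACCEPT" ;;
        TSHost)
            # TSHost backs itself up through localhost.
            echo "iptables -A INPUT -i lo -p udp --dport 10080 -j ACCEPT"
            # amandaidx and amandatape listen only on the tape server.
            # RHost is omitted: the page describes no forwarding to TSHost.
            for client in $LAN_CLIENTS; do
                for port in 10082 10083; do
                    echo "iptables -A INPUT -p tcp -s $client --dport $port -j ACCEPT"
                done
            done ;;
        *)
            echo "unknown host: $host" >&2
            return 1 ;;
    esac
}

# Print the rules for review; pipe a host's section to a root shell to apply.
for h in RHost FWHost LHost TSHost; do
    echo "# $h"
    amanda_input_rules "$h"
done
```

Each rule names a single source address, so a host accepts amandad requests only from the tape server (or from FWHost's external address in RHost's case) rather than from any peer.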
To be continued...