How To:Set Up iptables for Amanda

From wiki.zmanda.com
Revision as of 00:44, 5 December 2005 by Dleangen (talk | contribs)

Configuration with iptables

Objective

The purpose of this page is to provide a quick recipe for configuring an iptables firewall on hosts that run AMANDA.

More detailed information about port usage can be found in the AMANDA documentation.

Assumptions

We assume the following:

  • a tape server host, TSHost, having IP address 192.168.2.2
  • TSHost is not directly connected to the Internet
  • TSHost is also an AMANDA backup client
  • firewall server FWHost with IP address 192.168.2.1
  • FWHost is also an AMANDA backup client
  • FWHost is accessible from the Internet through IP address 1.2.3.4
  • local host LHost with IP address 192.168.2.3
  • remote host RHost, accessible via 2.3.4.5
  • each host uses iptables
  • each host has a basic policy of "deny all incoming" and "accept all outgoing"

Also:

  • AMANDA is configured on each host with --with-tcpportrange 50000:50100
  • AMANDA is configured on each host with --with-udpportrange 700:710


                +---------+
                |  RHost  |
                | 2.3.4.5 |
                +---------+
                     |
                     |
                     |
                +-----------+
                |   FWHost  |
                |  1.2.3.4  |
                |192.168.2.1|
                +-----------+
                /         \
               /           \
              /             \
    +-----------+         +-----------+
    |   LHost   |         |   TSHost  |
    |192.168.2.3|         |192.168.2.2|
    +-----------+         +-----------+
 

Services Used

  • AMANDA tape server host: amandaidx (10082/tcp), amandatape (10083/tcp)
  • AMANDA client: amandad (10080/udp)

The port numbers here are the ports that these services are listening on.


IP Traffic

Note! The following is probably not correct. Needs to be verified. Could somebody with more knowledge of AMANDA please confirm?

Traffic is sent between the hosts in the following manner during the backup process.

 Waiting state:
      RHost listens on 10080/udp
      FWHost listens on 10080/udp
      LHost listens on 10080/udp
      TSHost listens on 10080/udp
 
 amdump process begins:
      TSHost sends request to RHost on port 10080/udp (via FWHost)
      TSHost sends request to FWHost on port 10080/udp
      TSHost sends request to LHost on port 10080/udp
      TSHost sends request to localhost on port 10080/udp
 
 amandad process begins on each client:
      xHost accepts request on 10080/udp
      xHost replies (sendbackup) to TSHost on a port in --with-tcpportrange

Traffic is sent between the hosts in the following manner during recovery.

 ??? (Need somebody with more knowledge of AMANDA to explain)


Will continue with iptables config once the above is confirmed...
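As an added example that is not part of the original page, the following script turns the assumptions, the service ports and the traffic description above (as written, still flagged unverified) into INPUT rules for the tape server and for the clients. It assumes the tape server sends its UDP requests from the --with-udpportrange range, and it does not cover the FORWARD/NAT rules FWHost needs to carry traffic to RHost, which the page does not describe either.

```shell
#!/bin/sh
# Added example, not from the original wiki page: INPUT rules for the hosts above,
# following the page's (still unverified) traffic description and its assumptions.
# IPT defaults to a dry run that prints the commands; run with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

TSHOST=192.168.2.2            # tape server (also a client)
TCP_RANGE=50000:50100         # --with-tcpportrange
UDP_RANGE=700:710             # --with-udpportrange

# Base policy from the assumptions: deny all incoming, accept all outgoing.
# Loopback is allowed because TSHost backs itself up via localhost; stateful
# matching lets the amandad UDP reply and TCP return traffic back in.
base_policy() {
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Client side: amandad listens on 10080/udp; accept requests only from the tape
# server. Assumption: the server sends from the configured UDP range (700:710).
client_rules() {
    server="$1"
    $IPT -A INPUT -p udp -s "$server" --sport "$UDP_RANGE" --dport 10080 -j ACCEPT
}

# Server side: per the flow above, each client replies (sendbackup) to a port in
# the TCP range; amrecover uses amandaidx/amandatape (10082,10083/tcp).
# Accept both only from the listed client addresses.
server_rules() {
    for client in "$@"; do
        $IPT -A INPUT -p tcp -s "$client" --dport "$TCP_RANGE" -j ACCEPT
        $IPT -A INPUT -p tcp -s "$client" -m multiport --dports 10082,10083 -j ACCEPT
    done
}

# Usage: sh amanda-fw.sh client   (on FWHost and LHost; on RHost pass the address
#                                  TSHost's requests arrive from, which depends on
#                                  FWHost's NAT and is not covered by the page)
#        sh amanda-fw.sh server   (on TSHost; add RHost with the source address
#                                  FWHost presents for it, for the same reason)
case "${1:-}" in
    client) base_policy; client_rules "${2:-$TSHOST}" ;;
    server) base_policy; server_rules 192.168.2.1 192.168.2.3 ;;
esac
```

Run it once without IPT set to review the generated rules before applying them.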