How To:Set Up iptables for Amanda: Difference between revisions
Line 21: | Line 21: | ||
Also: | Also: | ||
* AMANDA is configured on each host with --with-tcpportrange | * AMANDA is configured on each host with --with-tcpportrange 50000:50100 | ||
* AMANDA is configured on each host with --with-udpportrange 700:710 | |||
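Review bot: the added --with-udpportrange 700:710 assumption is not used anywhere in the IP Traffic description, which only names --with-tcpportrange for the client's reply. Say which traffic uses the UDP range, so readers can tell which of the two ranges a given rule has to open.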
Revision as of 04:02, 2 December 2005
Configuration with iptables
Objective
The purpose of this page is to provide a quick recipe for configuring a firewall using iptables for use with AMANDA.
More detailed information about port usage can be found in the AMANDA documentation.
Assumptions
We assume the following:
- a tape server host, TSHost, having IP address 192.168.2.2
- TSHost is not directly connected to the Internet
- TSHost is also an AMANDA backup client
- firewall server FWHost with IP address 192.168.2.1
- FWHost is also an AMANDA backup client
- FWHost is accessible from the Internet through IP address 1.2.3.4
- local host LHost with IP address 192.168.2.3
- remote host RHost, accessible via 2.3.4.5
- each host uses iptables
- each host has a basic policy of "deny all incoming" and "accept all outgoing"
Also:
- AMANDA is configured on each host with --with-tcpportrange 50000:50100
- AMANDA is configured on each host with --with-udpportrange 700:710
        +---------+
        |  RHost  |
        | 2.3.4.5 |
        +---------+
             |
             |
             |
       +-----------+
       |  FWHost   |
       |  1.2.3.4  |
       |192.168.2.1|
       +-----------+
          /     \
         /       \
        /         \
+-----------+ +-----------+
|   LHost   | |  TSHost   |
|192.168.2.3| |192.168.2.2|
+-----------+ +-----------+
Services Used
- AMANDA tape server host: amandaidx (10082/tcp), amandatape (10083/tcp)
- AMANDA client: amandad (10080/udp)
The port numbers here are the ports that these services are listening on.
IP Traffic
Waiting state:
    RHost listens on 10080/udp
    FWHost listens on 10080/udp
    LHost listens on 10080/udp
    TSHost listens on 10080/udp

amdump process begins:
    TSHost sends request to RHost on port 10080/udp (via FWHost)
    TSHost sends request to FWHost on port 10080/udp
    TSHost sends request to LHost on port 10080/udp
    TSHost sends request to localhost on port 10080/udp

amandad process begins on each client:
    xHost accepts request on 10080/udp
    xHost replies to TSHost on a port in --with-tcpportrange
To be continued...
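As an added example (not part of the original page or of AMANDA itself), the hypothetical function amanda_rules below prints, without applying, INPUT rules for the "deny all incoming" hosts described above, with every rule scoped to the AMANDA peer's address. It assumes that the tape server opens the TCP data connections to client ports in the TCP range and that amandad's UDP replies return to the tape server on a port in the UDP range. The /24 netmask for the local network is also an assumption.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables INPUT rules for AMANDA hosts.
# Port numbers and ranges come from the page; the traffic direction assumed
# for the two ranges is an assumption of this example.
AMANDAD_PORT=10080        # amandad, udp, listening on every client
IDX_PORT=10082            # amandaidx, tcp, tape server
TAPE_PORT=10083           # amandatape, tcp, tape server
TCP_RANGE=50000:50100     # --with-tcpportrange
UDP_RANGE=700:710         # --with-udpportrange

# amanda_rules ROLE PEER
#   ROLE client     : PEER is the address the tape server is seen from
#   ROLE tapeserver : PEER is a client address or the client network
amanda_rules() {
    role=$1
    peer=$2
    if [ -z "$peer" ]; then
        echo "amanda_rules: missing peer address" >&2
        return 2
    fi
    case $role in
    client)
        # backup requests from the tape server to amandad
        echo "iptables -A INPUT -p udp -s $peer --dport $AMANDAD_PORT -j ACCEPT"
        # assumption: the tape server connects to client ports in the TCP range
        echo "iptables -A INPUT -p tcp -s $peer --dport $TCP_RANGE -j ACCEPT"
        ;;
    tapeserver)
        # assumption: amandad replies arrive on a server port in the UDP range
        echo "iptables -A INPUT -p udp -s $peer --dport $UDP_RANGE -j ACCEPT"
        # amandaidx and amandatape, reachable from the clients only
        echo "iptables -A INPUT -p tcp -s $peer -m multiport --dports $IDX_PORT,$TAPE_PORT -j ACCEPT"
        ;;
    *)
        echo "amanda_rules: unknown role '$role'" >&2
        return 2
        ;;
    esac
}

# Constructed usage for the page's topology
amanda_rules client 192.168.2.2           # on LHost and FWHost: peer is TSHost
amanda_rules tapeserver 192.168.2.0/24    # on TSHost: /24 is an assumption
```

Review the printed rules before piping them to a shell. TSHost is also a backup client, so it needs the client rules in addition to the tape server rules.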