How To:Set Up iptables for Amanda

From wiki.zmanda.com
Revision as of 03:54, 2 December 2005 by Dleangen (talk | contribs)

Configuration with iptables

Objective

The purpose of this page is to provide a quick recipe for configuring a firewall using iptables for use with AMANDA.

More detailed information about port usage can be found in the AMANDA documentation.

Assumptions

We assume the following:

  • a tape server host, TSHost, having IP address 192.168.2.2
  • TSHost is not directly connected to the Internet
  • TSHost is also an AMANDA backup client
  • firewall server FWHost with IP address 192.168.2.1
  • FWHost is also an AMANDA backup client
  • FWHost is accessible from the Internet through IP address 1.2.3.4
  • local host LHost with IP address 192.168.2.3
  • remote host RHost, accessible via 2.3.4.5
  • each host uses iptables
  • each host has a basic policy of "deny all incoming" and "accept all outgoing"

Also:

  • AMANDA is configured on each host with --with-tcpportrange and --with-udpportrange


                +---------+
                |  RHost  |
                | 2.3.4.5 |
                +---------+
                     |
                     |
                     |
                +-----------+
                |   FWHost  |
                |  1.2.3.4  |
                |192.168.2.1|
                +-----------+
                /         \
               /           \
              /             \
    +-----------+         +-----------+
    |   LHost   |         |   TSHost  |
    |192.168.2.3|         |192.168.2.2|
    +-----------+         +-----------+
 

Services Used

  • AMANDA tape server host: amandaidx (10082/tcp), amandatape (10083/tcp)
  • AMANDA client: amandad (10080/udp)

The port numbers here are the ports that these services are listening on.


IP Traffic

 Waiting state:
      RHost listens on 10080/udp
      FWHost listens on 10080/udp
      LHost listens on 10080/udp
      TSHost listens on 10080/udp
 
 amdump process begins:
      TSHost sends request to RHost on port 10080/udp (via FWHost)
      TSHost sends request to FWHost on port 10080/udp
      TSHost sends request to LHost on port 10080/udp
      TSHost sends request to localhost on port 10080/udp
 
 amandad process begins on each client:
      xHost accepts request on 10080/udp
      xHost replies to TSHost on a port in --with-tcpportrange
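The traffic listed above translates into a small set of iptables rules per host. The script below is an added example, not part of the original wiki page: it generates the rule set for each host in the diagram from the addresses and service ports given on this page (TSHost 192.168.2.2, FWHost 192.168.2.1 and 1.2.3.4, LHost 192.168.2.3, RHost 2.3.4.5; 10080/udp, 10082/tcp, 10083/tcp). The values of --with-tcpportrange and --with-udpportrange are not stated on the page, so the ranges below are placeholders, and the external interface name eth1, the use of SNAT on FWHost and the conntrack rule are assumptions of the example.

```shell
#!/bin/sh
# Added example: print the iptables rules each host in the diagram needs.
# Addresses and Amanda ports come from the page; everything else is assumed.

TSHOST=192.168.2.2
FWHOST_INT=192.168.2.1
FWHOST_EXT=1.2.3.4
LHOST=192.168.2.3
RHOST=2.3.4.5

# Placeholders: substitute the ranges Amanda was actually built with.
TCPPORTRANGE="50000:50100"   # --with-tcpportrange (placeholder)
UDPPORTRANGE="850:860"       # --with-udpportrange (placeholder)
EXT_IF=eth1                  # FWHost's Internet-facing interface (assumed)

# Policy shared by every host: deny all incoming, accept all outgoing.
# The ESTABLISHED,RELATED rule lets amandad's UDP answer back in to the
# tape server, and the lo rule covers TSHost backing itself up via localhost.
base_rules() {
  cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Rules an AMANDA client needs. $1 is the address the tape server's traffic
# arrives from: 192.168.2.2 on the LAN, 1.2.3.4 for RHost once FWHost has
# rewritten the source. Restricting --sport to the UDP range is what the
# --with-udpportrange build option makes possible.
client_rules() {
  server="$1"
  cat <<EOF
iptables -A INPUT -p udp -s $server --sport $UDPPORTRANGE --dport 10080 -j ACCEPT
iptables -A INPUT -p tcp -s $server --dport $TCPPORTRANGE -j ACCEPT
EOF
}

# Rules the tape server needs so clients can reach amandaidx and amandatape
# (amrecover). Only LAN clients are listed; reaching TSHost from RHost would
# also need a DNAT rule on FWHost, which this example does not cover.
server_rules() {
  for c in "$@"; do
    cat <<EOF
iptables -A INPUT -p tcp -s $c --dport 10082 -j ACCEPT
iptables -A INPUT -p tcp -s $c --dport 10083 -j ACCEPT
EOF
  done
}

# FWHost forwards the server's request and data connections to RHost and
# rewrites their source to its public address (assumed SNAT setup).
forward_rules() {
  cat <<EOF
iptables -A FORWARD -p udp -s $TSHOST -d $RHOST --dport 10080 -j ACCEPT
iptables -A FORWARD -p tcp -s $TSHOST -d $RHOST --dport $TCPPORTRANGE -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $TSHOST -d $RHOST -o $EXT_IF -j SNAT --to-source $FWHOST_EXT
EOF
}

# Complete rule set for one host named as in the diagram.
rules_for() {
  case "$1" in
    TSHost) base_rules; server_rules "$LHOST" "$FWHOST_INT" ;;
    LHost)  base_rules; client_rules "$TSHOST" ;;
    FWHost) base_rules; client_rules "$TSHOST"; forward_rules ;;
    RHost)  base_rules; client_rules "$FWHOST_EXT" ;;
    *) echo "unknown host: $1" >&2; return 1 ;;
  esac
}

# Usage: ./amanda-rules.sh LHost | sh   (after reviewing the output)
if [ -n "$1" ]; then
  rules_for "$1"
fi
```

Review the generated lines before piping them into sh: the DROP policy on INPUT is applied first, so run the script from a console or keep an existing SSH rule in place.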

To be continued...