 From:  "Hauns Froehlingsdorf" <hauns at fros dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Amanda Backup through Monowall
 Date:  Sat, 28 Jan 2006 09:23:27 -0600 (CST)

I have a dilemma and I'm hoping someone here can help me.

I have recently moved my linux amanda backup server behind my monowall
firewall at home.

All of the servers that I am backing up are at a remote location and since
the move, the backups are failing with this message:

port 65139 not secure (This increments each time the connection is
attempted).

After doing some research, the amanda developers said this:

To get Amanda to work across a NAT (masquerade) boundary you need two things:

1. set up a forwarding that preserves the reserved port (which is silly in
this day and age).

10.0.0.4 is the Amanda Client
172.30.2.42 is the Amanda Server
10.0.0.6 is the NAT's external IP

my ipnat.conf:
map ex0 from 172.30.2.42 to 10.0.0.4 -> 10.0.0.6/32 portmap udp 600:800
map ex0 172.30.2.0/24 -> 10.0.0.6/32 portmap tcp/udp 1025:60000
map ex0 172.30.2.0/24 -> 10.0.0.6/32

2. Allow the transport stream. This happens on a high numbered TCP port
that's randomly chosen for both endpoints. It took me a while to determine
this.
frags of my ipf.conf on the client: (These both have group tags that
pulled the traffic from the particular interface.)
pass in proto udp from 10.0.0.0/28 to any port = amanda
pass in proto tcp from 10.0.0.6 to 10.0.0.4 keep state

As I do not have access to the rules directly, how could this be done
through the monowall interface?

Any help GREATLY appreciated!

Sincerely,
Hauns


--

Hauns Froehlingsdorf
Linux Enthusiast since kernel 2.0.36
Ham Radio: KI0GU
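
Added example, not part of the original message: a simplified first-match model of the three `map` rules quoted above, showing which flows leave the NAT with a source port below 1024, the range Amanda's "not secure" check expects. The parser handles only the two rule forms that appear in the message, and the function names are illustrative.

```python
import ipaddress
import re

RESERVED_MAX = 1023  # Amanda rejects requests whose source port is 1024 or higher

# The three map rules quoted in the message above.
IPNAT_CONF = """\
map ex0 from 172.30.2.42 to 10.0.0.4 -> 10.0.0.6/32 portmap udp 600:800
map ex0 172.30.2.0/24 -> 10.0.0.6/32 portmap tcp/udp 1025:60000
map ex0 172.30.2.0/24 -> 10.0.0.6/32
"""

RULE = re.compile(
    r"map\s+\S+\s+(?:from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)|(?P<net>\S+))"
    r"\s+->\s+\S+(?:\s+portmap\s+(?P<proto>\S+)\s+(?P<lo>\d+):(?P<hi>\d+))?")

def parse(conf):
    """Parse only the two map forms used above (assumption: not full ipnat syntax)."""
    rules = []
    for line in conf.splitlines():
        m = RULE.fullmatch(line.strip())
        if not m:
            continue
        src = ipaddress.ip_network(m["src"] or m["net"])
        dst = ipaddress.ip_network(m["dst"]) if m["dst"] else None
        protos = set(m["proto"].split("/")) if m["proto"] else None
        ports = (int(m["lo"]), int(m["hi"])) if m["lo"] else None
        rules.append((src, dst, protos, ports))
    return rules

def verdict(rules, src, dst, proto):
    """First matching rule wins; classify the source-port range it assigns."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net, dnet, protos, ports in rules:
        if s not in net or (dnet and d not in dnet):
            continue
        if protos and proto not in protos:
            continue  # portmap rules apply only to the protocols they name
        if ports is None:
            return "unchanged"  # no portmap on the matching rule
        return "reserved" if ports[1] <= RESERVED_MAX else "unreserved"
    return "unchanged"  # no rule matched

if __name__ == "__main__":
    rules = parse(IPNAT_CONF)
    for flow in [("172.30.2.42", "10.0.0.4", "udp"), ("172.30.2.7", "10.0.0.4", "udp")]:
        print(flow, "->", verdict(rules, *flow))
```

Only the server-to-client UDP flow hits the 600:800 rule; any other host behind the NAT falls through to the 1025:60000 rule and would be rejected by the client.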