Re: amanda backups and firewalling

From: jason@cannonfodder.org
Date: Wed, 17 Jul 2002 12:23:40 -0500
To: focus-linux@securityfocus.com

on Tue Jul 16 mark@winksmith.com spoke forth with the blessed manuscript
> i'm sure someone has looked at this already. my internal server within
> my internal lan has been wrapped up with iptables. in and out is clearly
> defined on the box.

> amdump (amanda 2.4.2) appears to use specified ports (such as 10080,
> 10081, 10082, and 10083). BUT then the actual transfer of data seems
> to go over another port. these ports don't appear to be fixed and
> range quite a bit (different every time).

> any ideas as to how to handle this in iptables?

I actually just did this last night and, whether it's correct or not, here
is what I did and it seems to work:

-A tcp_shi* -s 192.168.1.0/255.255.255.0 -p tcp -m tcp -m multiport --dports amandaidx,amidxtape -j ACCEPT
-A tcp_shi* -s 66.137.146.200/255.255.255.248 -p tcp -m tcp -m multiport --dports amandaidx,amidxtape -j ACCEPT
-A tcp_shi* -s 192.168.1.0/255.255.255.0 -p udp -m udp --sport 10080 -j ACCEPT
-A tcp_shi* -s 66.137.146.200/255.255.255.248 -p udp -m udp --dport 10080 -j ACCEPT

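A defender's first step with those "random" data ports, added here as an example and not part of the list thread: log what the firewall drops under a tagged LOG rule, then summarize the dropped destination ports per client so the range you open is the one Amanda actually used. The log lines below are constructed, the AMANDA-DROP prefix and the INPUT chain are assumptions, and only the fixed 1008x ports come from the thread.

```python
import re

# Fixed Amanda ports named in the thread (amanda/kamanda/amandaidx/amidxtape).
AMANDA_FIXED_PORTS = {10080, 10081, 10082, 10083}

# Constructed netfilter LOG output, not a real capture.  Assumes a rule such as
# `-j LOG --log-prefix "AMANDA-DROP: "` placed just before the DROP for the
# backup client subnet.
SAMPLE_LOG = """\
Jul 17 02:10:03 backup kernel: AMANDA-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.5 PROTO=UDP SPT=10080 DPT=854 LEN=120
Jul 17 02:10:04 backup kernel: AMANDA-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.5 PROTO=TCP SPT=1021 DPT=50032 WINDOW=5840 SYN
Jul 17 02:10:05 backup kernel: AMANDA-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.5 PROTO=TCP SPT=1020 DPT=50041 WINDOW=5840 SYN
Jul 17 02:11:40 backup kernel: AMANDA-DROP: IN=eth0 OUT= SRC=192.168.1.21 DST=192.168.1.5 PROTO=TCP SPT=1019 DPT=50007 WINDOW=5840 SYN
Jul 17 02:12:00 backup kernel: OTHER-DROP: IN=eth0 OUT= SRC=10.9.9.9 DST=192.168.1.5 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 SYN
Jul 17 02:12:30 backup kernel: AMANDA-DROP: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.5 PROTO=TCP SPT=1018 DPT=10082 WINDOW=5840 SYN
"""

LINE_RE = re.compile(r"AMANDA-DROP: .*?SRC=(\S+) .*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)")


def summarize_dropped(log_text, fixed_ports=AMANDA_FIXED_PORTS):
    """Return {(src, proto): (min_port, max_port, count)} for dropped packets
    whose destination port is NOT one of the fixed Amanda ports.  That is the
    per-client range the current rules are missing."""
    ranges = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines with another prefix are not Amanda traffic
        src, proto, dpt = m.group(1), m.group(2), int(m.group(4))
        if dpt in fixed_ports:
            continue  # already covered by the named-port rules
        lo, hi, n = ranges.get((src, proto), (dpt, dpt, 0))
        ranges[(src, proto)] = (min(lo, dpt), max(hi, dpt), n + 1)
    return ranges


def suggest_rules(ranges, chain="INPUT"):
    """Emit iptables commands as strings (nothing is executed) opening exactly
    the observed TCP range per client.  UDP replies arrive from source port
    10080 and are matched by a --sport rule, so they are skipped here."""
    cmds = []
    for (src, proto), (lo, hi, _n) in sorted(ranges.items()):
        if proto != "TCP":
            continue
        cmds.append(f"iptables -A {chain} -s {src} -p tcp -m tcp "
                    f"--dport {lo}:{hi} -j ACCEPT")
    return cmds
```

Re-run the summary over several nights of logs before trusting the range; a single dump only shows the ports that one run happened to pick.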