Re: amanda backups and firewalling

From: jason@cannonfodder.org
Date: Wed, 17 Jul 2002 12:23:40 -0500
To: focus-linux@securityfocus.com

On Tue Jul 16, mark@winksmith.com spoke forth with the blessed manuscript:
> I'm sure someone has looked at this already. My internal server within
> my internal LAN has been wrapped up with iptables. In and out is clearly
> defined on the box.

> amdump (Amanda 2.4.2) appears to use specified ports (such as 10080,
> 10081, 10082, and 10083). BUT then the actual transfer of data seems
> to go over another port. These ports don't appear to be fixed and
> range quite a bit (different every time).

> Any ideas as to how to handle this in iptables?

I actually just did this last night, and whether it's correct or not, here
is what I did. It seems to work:

# amrecover: amandaidx (10082/tcp) and amidxtape (10083/tcp) on the server
-A tcp_shi* -s 192.168.1.0/255.255.255.0 -p tcp -m tcp -m multiport --dports amandaidx,amidxtape -j ACCEPT
-A tcp_shi* -s 66.137.146.200/255.255.255.248 -p tcp -m tcp -m multiport --dports amandaidx,amidxtape -j ACCEPT
# amandad: amanda (10080/udp); --sport for client replies, --dport for server requests
-A tcp_shi* -s 192.168.1.0/255.255.255.0 -p udp -m udp --sport 10080 -j ACCEPT
-A tcp_shi* -s 66.137.146.200/255.255.255.248 -p udp -m udp --dport 10080 -j ACCEPT

-- 
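An added example, not code from the original post or from the Amanda project: a small POSIX sh generator that emits, in iptables-restore syntax, the rules for both ends of an Amanda 2.4.x backup session. It assumes two things the page does not state: that Amanda was built so the per-dump TCP data connections fall in a fixed port range (50000-50100 here, an arbitrary placeholder), and that the backup server is the side that opens those connections to the client. The subnet and host addresses are placeholders as well.

```shell
#!/bin/sh
# Added example (not from the original post or the Amanda project): emit
# iptables-restore rule sets for the two ends of an Amanda 2.4.x session.
# Assumptions not stated on the page: Amanda was built so the per-dump TCP
# data connections use the fixed range DATA_LO-DATA_HI, and the server opens
# those connections to the client. Addresses passed in are placeholders.

AMANDA_UDP=10080            # amanda/udp: amandad on every client
AMANDAIDX=10082             # amandaidx/tcp: amindexd on the server (amrecover)
AMIDXTAPE=10083             # amidxtape/tcp: amidxtaped on the server (amrecover)
DATA_LO=${DATA_LO:-50000}   # assumed build-time data port range, low end
DATA_HI=${DATA_HI:-50100}   # assumed build-time data port range, high end

# Sanity-check the data range before writing rules that depend on it: both
# ends must be numeric unprivileged ports and low must not exceed high.
check_port_range() {
  lo=$1 hi=$2
  for p in "$lo" "$hi"; do
    case "$p" in ''|*[!0-9]*) return 1 ;; esac
  done
  [ "$lo" -gt 1023 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Rules for the BACKUP SERVER, for one trusted client subnet. The server sends
# UDP requests to each client's amandad; replies come back FROM udp/10080 on
# the client, hence --sport. amrecover on a client connects to the server's
# fixed index/tape ports. The server itself opens the data connections, so
# on INPUT only their return traffic (source port in the range) is needed.
server_rules() {
  net=$1
  check_port_range "$DATA_LO" "$DATA_HI" || return 1
  cat <<EOF
*filter
:amanda - [0:0]
-A INPUT -j amanda
-A amanda -s $net -p udp -m udp --sport $AMANDA_UDP -j ACCEPT
-A amanda -s $net -p tcp -m tcp -m multiport --dports $AMANDAIDX,$AMIDXTAPE -j ACCEPT
-A amanda -s $net -p tcp -m tcp --sport $DATA_LO:$DATA_HI -m state --state ESTABLISHED -j ACCEPT
-A amanda -j RETURN
COMMIT
EOF
}

# Rules for a CLIENT, for one backup server address. The server's requests
# arrive TO udp/10080 (amandad), hence --dport, and the server then connects
# to the data/mesg/index sockets the client opens in the assumed range.
client_rules() {
  server=$1
  check_port_range "$DATA_LO" "$DATA_HI" || return 1
  cat <<EOF
*filter
:amanda - [0:0]
-A INPUT -j amanda
-A amanda -s $server -p udp -m udp --dport $AMANDA_UDP -j ACCEPT
-A amanda -s $server -p tcp -m tcp --dport $DATA_LO:$DATA_HI -m state --state NEW,ESTABLISHED -j ACCEPT
-A amanda -j RETURN
COMMIT
EOF
}

# Usage: ./amanda-rules.sh server 192.168.1.0/24   (on the backup server)
#        ./amanda-rules.sh client 192.168.1.10     (on a client)
case "${1:-}" in
  server) server_rules "${2:?trusted client subnet, e.g. 192.168.1.0/24}" ;;
  client) client_rules "${2:?backup server address, e.g. 192.168.1.10}" ;;
esac
```

Load the output with `iptables-restore --noflush` so it is added to the existing ruleset rather than replacing the whole filter table; the `amanda` chain is hooked from INPUT and returns for anything it does not match. Whether a rule needs `--sport 10080` or `--dport 10080` depends on which end of the UDP exchange the box is: a server sees client replies from port 10080, a client sees server requests to port 10080. If Amanda was not built with a fixed data port range, the TCP range rule has nothing to match and the data connections still land on arbitrary ports.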