iptables rules



robd
April 30th, 2007, 03:30 AM
I'm not having much luck opening up my iptables to permit backups of machines over the internet. I am running RHEL5 with Amanda beta version 2.5.2b1, set up following http://amanda.zmanda.com/quick-backup-setup.html

I've been following http://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda - perhaps my connection problems are due to running the backups through a VPN?

When I set my tun0 as a trusted interface, my backups work fine. If I decide that I don't trust my tun0 (which is a good idea, really), and try to open up ports in iptables, I am unable to get a backup running.

Here are my iptables rules on each side of the VPN.
on my RHost
added for amanda
-A RH-Firewall-1-INPUT -p tcp --dport 50000:50100 -s 10.8.0.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 10080 -s 10.8.0.0/24 -j ACCEPT

on my TSHost
-A RH-Firewall-1-INPUT -p tcp --dport 50000:50100 -s 10.8.0.0/24 -j ACCEPT


-sh-3.1$ amcheck DailySet1 -c
Amanda Backup Client Hosts Check
--------------------------------
WARNING: mittens.testvpn.com: selfcheck request failed: No route to host
Client check: 1 host checked in 10.353 seconds, 1 problem found

When I set
-A RH-Firewall-1-INPUT -i tun0 -j ACCEPT
on my RHost, THost connects fine and my backups are successful.

paddy
May 2nd, 2007, 05:22 PM
Please check the values for the --with-tcpportrange compilation parameter.

To see the Amanda compilation parameters, please run "amadmin xx version"

Paddy

mohr
June 30th, 2008, 10:10 AM
Try using the multiport module shipped with iptables. It is used like this:

iptables -A INPUT -p tcp -m multiport --dports 50000:55000 -j ACCEPT
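
Added example, not part of any post in this thread: a shell check that reads the `--with-tcpportrange` / `--with-udpportrange` values from `amadmin xx version` style output and tests whether an ACCEPT rule spans each range, including the multiport form. The configure line is a constructed sample and the function names are hypothetical; the check looks only at protocol and destination ports and ignores `-s`, `-i` and rule order.

```shell
#!/bin/sh
# Constructed sample: configure arguments as reported by `amadmin <config> version`.
SAMPLE_VERSION="'./configure' '--with-tcpportrange=50000,50100' '--with-udpportrange=840,860'"
# Rules quoted from the first post in this thread.
SAMPLE_RULES='-A RH-Firewall-1-INPUT -p tcp --dport 50000:50100 -s 10.8.0.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 10080 -s 10.8.0.0/24 -j ACCEPT'

# Print "LOW HIGH" for --with-<option>=LOW,HIGH found in the version text.
port_range_from_configure() {   # $1 = tcpportrange|udpportrange, $2 = version text
    printf '%s\n' "$2" |
        sed -n "s/.*--with-$1=\([0-9][0-9]*\),\([0-9][0-9]*\).*/\1 \2/p" | head -n 1
}

# Succeed if one ACCEPT rule for the protocol has a --dport/--dports entry
# that spans LOW..HIGH entirely (single port, a:b range, or multiport list).
range_is_accepted() {           # $1 = proto, $2 = low, $3 = high, $4 = rules
    printf '%s\n' "$4" | awk -v proto="$1" -v lo="$2" -v hi="$3" '
        /-j ACCEPT/ {
            p = ""; d = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport" || $i == "--dports") d = $(i + 1)
            }
            if (p != proto || d == "") next
            n = split(d, items, ",")
            for (k = 1; k <= n; k++) {
                m = split(items[k], r, ":")
                a = r[1] + 0; b = (m > 1 ? r[2] : r[1]) + 0
                if (a <= lo + 0 && hi + 0 <= b) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Report whether the compiled range for one protocol is open in the rules.
check_proto() {                 # $1 = tcp|udp, $2 = version text, $3 = rules
    range=$(port_range_from_configure "${1}portrange" "$2")
    [ -n "$range" ] || { echo "$1: no compiled port range found"; return 2; }
    if range_is_accepted "$1" "${range% *}" "${range#* }" "$3"; then
        echo "$1 ${range% *}-${range#* }: covered by an ACCEPT rule"
    else
        echo "$1 ${range% *}-${range#* }: no ACCEPT rule covers this range"; return 1
    fi
}

check_proto tcp "$SAMPLE_VERSION" "$SAMPLE_RULES" || true
check_proto udp "$SAMPLE_VERSION" "$SAMPLE_RULES" || true
```

To use it on a real host, pass the output of `amadmin xx version` and the host's saved rules in place of the two sample variables.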