Re: xinetd and amanda
2002-10-14 10:03:30
Gene Heskett wrote:
On Monday 14 October 2002 04:43, Hery Zo RAKOTONDRAMANANA wrote:
Hi all,
I'm using amanda-2.4.2p2-4 on a Debian woody system with xinetd.
I used to back up my amanda server via "localhost". Since my amanda
server has multiple interfaces, I want to limit amanda to
listening to 192.168.11.1 (eth1) interface only. This can be done
through the "bind" directive of xinetd but for "localhost".
Even if I change from "localhost" to the FQDN name of
192.168.11.1 in my disklist, amcheck always reports a "request
timeout".
Can anyone tell me (or show some directions) how I can achieve
this?
This sounds as if you either don't have the proper amanda related
file(s) in your /etc/xinetd.d directory, or you didn't restart
xinetd when you installed them.
Thanks for replying Gene.
I put all my xinetd config in my /etc/xinetd.conf file, which I restart each
time I modify it.
If I ever put the directive "bind = 192.168.11.1" for all services
related to amanda in my xinetd.conf, I think it's working since I can no
longer back up the machine "localhost" (which uses 127.0.0.1 I think) -
it's not the way I'd like it to be :). My matter is: since my amanda
server is a gateway between my private and a public network, how safe is
it to let xinetd listen on all interfaces for amanda ports?
Now, the result of my netstat -tanp (without bind directive in
xinetd.conf) looks like this:
tcp 0 0 0.0.0.0:10083 0.0.0.0:* LISTEN 21854/xinetd
tcp 0 0 0.0.0.0:10082 0.0.0.0:* LISTEN 21854/xinetd
If I activate the "bind" directive on each amanda service:
grmbl:~# netstat -tanp | grep 1008
tcp 0 0 192.168.11.1:10083 0.0.0.0:* LISTEN 15855/xinetd
tcp 0 0 192.168.11.1:10082 0.0.0.0:* LISTEN 15855/xinetd
This is a more convenient configuration IMHO since I can play on my
firewall rules (BTW, I have a different backup network for each server).
Somehow, my problem is that I can no longer back up my amanda-server this way.
service amanda
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = backup
    server = /usr/lib/amanda/amandad
    bind = 192.168.11.1
}
I can eventually play with the "only_from" directive of xinetd so that
I'll have inetd listening on 0.0.0.0:10083, but how safe is this
configuration?
Regards.
Hery Zo
The proper file should look like this:
----------------------------
# default = off
#
# description: Part of the Amanda server package
# This is the list of daemons & such it needs
service amanda
{
    disable = no
    socket_type = dgram
    protocol = udp
    wait = yes
    user = amanda
    group = disk
    groups = yes
    bind = 192.168.11.1
    server = /usr/local/libexec/amandad
}
service amandaidx
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = amanda
    group = disk
    groups = yes
    server = /usr/local/libexec/amindexd
}
service amidxtape
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = amanda
    group = disk
    groups = yes
    server = /usr/local/libexec/amidxtaped
}
-----------------------
Adjust the group if required; everything else should correspond to a
std amanda install.
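
An added example, not part of the original messages: a small audit that reads xinetd service blocks and reports, per service, whether the listener is pinned with "bind" (or its synonym "interface"), left on all interfaces but filtered with "only_from", or left open. The sample config is constructed from the service names in this thread, and the only_from value on amidxtape is an assumption added for illustration.

```python
import re

# Constructed sample modelled on the thread's three services; the only_from
# line is an assumption added to show the "filtered" case.
SAMPLE_CONF = """
service amanda
{
    protocol = udp
    bind = 192.168.11.1
    server = /usr/local/libexec/amandad
}
service amandaidx
{
    protocol = tcp
    server = /usr/local/libexec/amindexd
}
service amidxtape
{
    protocol = tcp
    only_from = 192.168.11.0/24
    server = /usr/local/libexec/amidxtaped
}
"""

BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*[-+]?=[ \t]*(.*?)[ \t]*$", re.M)

def parse_services(text):
    """Return {service_name: {attribute: value}} for each service block."""
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
    return {name: dict(ATTR.findall(body)) for name, body in BLOCK.findall(text)}

def exposure(attrs):
    """Classify how one service entry limits who can reach it."""
    addr = attrs.get("bind") or attrs.get("interface")  # synonyms in xinetd
    if addr and addr != "0.0.0.0":
        return "bound to " + addr  # no socket is opened on other interfaces
    if attrs.get("only_from"):  # socket is still open everywhere; xinetd filters
        return "all interfaces, filtered by only_from " + attrs["only_from"]
    return "all interfaces, unrestricted"

def audit(text):
    """Map each service name in an xinetd config to its exposure verdict."""
    return {name: exposure(attrs) for name, attrs in parse_services(text).items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONF).items():
        print(f"{name:10} {verdict}")
```

On a multi-homed gateway, an entry reported as "all interfaces" keeps its port open on the public side as well, so it needs either a bind line of its own or a matching firewall rule.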