Amanda-Users

Re: xinetd and amanda

2002-10-14 10:03:30
Subject: Re: xinetd and amanda
From: Hery Zo RAKOTONDRAMANANA <heryzo AT simicro-internet DOT mg>
To: Gene Heskett <gene_heskett AT iolinc DOT net>
Date: Mon, 14 Oct 2002 16:45:48 +0300
Gene Heskett wrote:

On Monday 14 October 2002 04:43, Hery Zo RAKOTONDRAMANANA wrote:
Hi all,

I'm using amanda-2.4.2p2-4 on a debian woody system with xinetd.
I used to backup my amanda server via "localhost". Since my amanda
server has multiple interfaces, I want to limit amanda to
listening to 192.168.11.1 (eth1) interface only. This can be done
through the "bind" directive of xinetd but for "localhost".

Even if I change from "localhost" to the FQDN name of
192.168.11.1 in my disklist, amcheck always reports a "request
timeout".

Can anyone tell me (or show some directions) how I can achieve
this?

This sounds as if you either don't have the proper amanda related file(s) in your /etc/xinetd.d directory, or you didn't restart xinetd when you installed them.


Thanks for replying Gene.
I put all my xinetd config in my /etc/xinetd.conf file, that I restart each time I modify it. If I ever put the directive "bind = 192.168.11.1" for all services related to amanda in my xinetd.conf, I think it's working since I can no longer back up the machine "localhost" (which uses 127.0.0.1 I think) - it's not the way I'd like it to be :).

My matter is: since my amanda server is a gateway between my private and a public network, how safe is it to let xinetd listen on all interfaces for amanda ports?

Now, the result of my netstat -tanp (without bind directive in xinetd.conf) looks:
tcp 0 0 0.0.0.0:10083 0.0.0.0:* LISTEN 21854/xinetd
tcp 0 0 0.0.0.0:10082 0.0.0.0:* LISTEN 21854/xinetd

If I activate the "bind" directive on each amanda service:
grmbl:~# netstat -tanp | grep 1008
tcp 0 0 192.168.11.1:10083 0.0.0.0:* LISTEN 15855/xinetd
tcp 0 0 192.168.11.1:10082 0.0.0.0:* LISTEN 15855/xinetd

This is a more convenient configuration IMHO since I can play on my firewall rules (BTW, I have a different backup network for each server). Somehow, my problem is that I can no longer back up my amanda-server this way.

service amanda
{
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = backup
       server          = /usr/lib/amanda/amandad
       bind            = 192.168.11.1
}


I can eventually play with the "only_from" directive of xinetd so that I'll have inetd listening on 0.0.0.0:10083, but how safe is this configuration?


Regards.
Hery Zo


The proper file should look like this:
----------------------------
# default = off
#
# description: Part of the Amanda server package
# This is the list of daemons & such it needs
service amanda
{
        disable = no
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = amanda
        group           = disk
        groups          = yes
        bind            = 192.168.11.1
        server          = /usr/local/libexec/amandad
}
service amandaidx
{
       disable = no
       socket_type     = stream
       protocol        = tcp
       wait            = no
       user            = amanda
       group           = disk
       groups          = yes
       server          = /usr/local/libexec/amindexd
}
service amidxtape
{
       disable = no
       socket_type     = stream
       protocol        = tcp
       wait            = no
       user            = amanda
       group           = disk
       groups          = yes
       server          = /usr/local/libexec/amidxtaped
}
-----------------------
Adjust the group if required; everything else should correspond to a std amanda install.
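
Added example (not part of the original messages or of Amanda/xinetd): a small Python check that parses xinetd service blocks like the ones quoted above and reports, per service, whether it is bound to one address, left on all interfaces with an only_from restriction, or left on all interfaces unrestricted. The sample config is constructed from the thread's blocks; the function names and the treatment of a missing "disable" line as enabled are assumptions.

```python
import re

# Constructed sample, modelled on the service blocks quoted in this thread.
SAMPLE_CONF = """
# description: Part of the Amanda server package
service amanda
{
        socket_type     = dgram
        protocol        = udp
        user            = amanda
        bind            = 192.168.11.1
        server          = /usr/local/libexec/amandad
}
service amandaidx
{
        socket_type     = stream
        protocol        = tcp
        user            = amanda
        server          = /usr/local/libexec/amindexd
}
"""

BLOCK_RE = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR_RE = re.compile(r"^[ \t]*(\w+)[ \t]*[-+]?=[ \t]*(.*?)[ \t]*$", re.M)

def parse_services(text):
    """Return {service_name: {attribute: value}} for each service block."""
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)  # drop comment lines
    return {name: dict(ATTR_RE.findall(body))
            for name, body in BLOCK_RE.findall(text)}

def exposure_report(text):
    """Classify each enabled service by where it listens and who may connect."""
    report = {}
    for name, attrs in parse_services(text).items():
        if attrs.get("disable", "no") == "yes":  # assumption: absent means enabled
            continue
        bind = attrs.get("bind") or attrs.get("interface")  # "interface" is a synonym
        if bind and bind != "0.0.0.0":
            report[name] = "bound to " + bind
        elif "only_from" in attrs:
            report[name] = "all interfaces, only_from " + attrs["only_from"]
        else:
            report[name] = "all interfaces, unrestricted"
    return report

if __name__ == "__main__":
    for svc, status in exposure_report(SAMPLE_CONF).items():
        print(f"{svc:12} {status}")
```

Run against the real /etc/xinetd.conf, the "all interfaces" entries should match the 0.0.0.0 listeners that netstat -tanp shows for xinetd.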




