Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DMZ backup across PIX Firewall failing 2

Status
Not open for further replies.
Intervoice123

Intervoice123

IS-IT--Management
Dec 1, 2006
15
0
0
US
Hi
In the last 3 weeks, I am noticing failures on all my DMZ clients on a scheduled backup (see below). Even turning the verbose option in the group (this was a workaround I was using until I moved to 7.2 last year) fails. I do not recall making any changes on the PIX firewall. Assuming they were some changes, can someone please tell me exactly what ports (bi-directional?) need to be opened between the internal backup server and the DMZ clients. I am running Legato Networker 7.2 (Build 172). PIX FW version 6.x When I do an rpcinfo -p from DMZ client, I get "can't contact lgtomapper: Remote system error - Connection timed out". nslookup, ping by short and FQDN works from both ends. Thx for your time.

DMZclient:All 1 retry attempted
* DMZclient:All rcmd DMZclient, user root: `savefs -s backup_server -c DMZclient -g PIX -p -l full -R -v'
DMZclient: Connection refused
* DMZclient:All 02/12/07 17:01:33 nsrexec: SYSTEM error: Connection refused
* DMZclient:All 02/12/07 17:01:02 nsrexec: nsrexecd on DMZclient is unavailable. Using rsh instead.
 
Sort by date Sort by votes
The client's service ports to contact are 7937 & 7938. Same goes for the server to establish connection.

The messages however indicate that the client listener (nsrexecd) is not running. It also works as portmapper.
 
Upvote 0 Downvote
Thx for your response. I presume this is TCP 7937, 7938 - both inbound and outbound. nsrexecd is running on client and server.
Raghu
 
Upvote 0 Downvote
Actually, these are "service ports" (inbound). The ooutbound "connection ports" are not considered dangerous any longer.
 
Upvote 0 Downvote
Thx. In Firewall, I have to specy if it is TCP or UDP. What is port 10000.? Thx
Raghu
 
Upvote 0 Downvote
Not sure what Port 10000 is for?

10001 is the start of the "data stream ports". Networker uses ports 10001-30000 to stream the data to the storage node or server.

Other ports to check are 111, 514, 7937-9936.
 
Upvote 0 Downvote
If you mean that port 10000 also works as a service port, this is correct - NW uses it for the NDMP Tape Services, if installed.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Martha_SysAdm
  • Locked
  • Question
Which hardware and software can i consider for Backup and Disaster recovery 1
Replies
3
Views
305
goombawaho
goombawaho
Kennymc
  • Locked
  • Question
backup exec
Replies
0
Views
203
Kennymc
Kennymc
Marino.
  • Locked
  • Question
Restore backup in Open VMS
Replies
0
Views
204
Marino.
Marino.
nmahat
  • Locked
  • Question
Symantec Backup Exec 2015: Backup Fail
Replies
0
Views
84
nmahat
nmahat
Victor ILSP
  • Locked
  • Question
Backup Not possible Failed to create a VSS snapshot
Replies
0
Views
91
Victor ILSP
Victor ILSP

Part and Inventory Search

Sponsor

Back
Top