Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Networker through a firewall - is it possible?

Status
Not open for further replies.
Chapter11

Chapter11

Technical User
Joined
Apr 15, 2002
Messages
791
Location
US
Has anyone done it? Anyone know what ports I would need to open? (I don't mind having backups initiated from the client side).
 
Sort by date Sort by votes
Yes, it's possible but you will get trouble with the firewall staff. Your need more then 100 ports in both directions.

Bye

PS: If you need more information post it. cyberted
 
Upvote 0 Downvote
Networker-Backup through Firewall? You need hundreds upto thousand ports!!! It is not even on the roadmap of Legato!
 
Upvote 0 Downvote
I started looking into piping Legato's work through a ssh tunnel, but we gave in and stuck a new interface on our networker server, that is active only during backup periods (via ifconfig)
 
Upvote 0 Downvote
It works but make sure you have patch LGTpa43607 applied. This keeps the ports open during the save process.


----------ID: legato8672

There are two types of firewall software in the market, packet-filtering
and stateful firewall, below is a configuration requirement for
packet-filtering firewall:

You need to open up the following ports
(1) 7937-9000: for service daemons listening for requests;
(2) 10000-30000: for client-side process such as "save" to connect to the
service daemons;
(3) Legato uses both TCP and UDP, but only TCP is used for backup and
restore. UDP is for licensing, administration and other features outside
of backup/restore.
Ed Skolnik
The Interpublic Group Of Companies, Inc.
GIS Chicago System Administrator
Chicago, Illinois 60611
 
Upvote 0 Downvote
if you're going to open up 22,000 ports, you might as well not have the firewall in the first place.
 
Upvote 0 Downvote
We back up several clients thru a firewall, yes it seems that you open the world up to the network, but we have firewalls on top of firewalls. If the network folks can protect the network from the outside you should be ok. Otherwise plan a datazone for each area behind each firewall.
 
Upvote 0 Downvote
Here is several-years working ipfilter's rules for backup host from BACKUP server


pass in quick proto tcp from BACKUP to any port 7936 >< 9937 flags S/SA keep state
pass in quick proto tcp from BACKUP to any port = 514 flags S/SA keep state
pass in quick proto tcp from BACKUP to any port = 111 flags S/SA keep state
pass in quick proto udp from BACKUP to any port = 111 keep state
pass in quick proto udp from BACKUP to any port 7936 >< 9937 keep state


Moreover, Backup server is in private subnet,
so there is another firewall with NAT (CheckPoint). But CheckPoint needs much more complicated
configurations to work with Legato Backup.
If your wish, I try to explain.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

S
  • Locked
  • Question Question
EMC Networker restore VM from tape , suggest manually labelling a new writable volume.
Replies
0
Views
2K
spirit_architect
S
M
  • Locked
  • Question Question
external hard drive issue
Replies
13
Views
4K
DrB0b
DrB0b
anil5555
  • Locked
  • Question Question
Networker in HA ( High availability ) for DR
Replies
0
Views
775
anil5555
anil5555
P_Nab
  • Locked
  • Question Question
Networker loosing manually set read only status of tapes
Replies
0
Views
782
P_Nab
P_Nab
Martha Sipe
  • Locked
  • Question Question
thread528-1602310 Wanted to talk a
Replies
1
Views
795
LucilleWJarrett
LucilleWJarrett

Part and Inventory Search

Sponsor

Back
Top