| Title: | NetWorker |
| Notice: | kits - 12-14, problem reporting - 41.*, basics 1-100 |
| Moderator: | DECWET::RANDALL�.com::lenox |
| Created: | Thu Oct 10 1996 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 750 |
| Total number of notes: | 3361 |
I am looking for a networker configuration whith a firewall. In my configuration The Networker Server is an ALPHA NT The Client is an ALPHA NT between the server and the client, there is an UNIX ALTAVISTA ALPHA FIREWALL. My question is : Is it possible to save the client on the NSR server passing through the firewall to make the backup. [Posted by WWW Notes gateway]
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 384.1 | dunno, never tried it | DECWET::EVANS | Be a Point Of Light! | Wed Feb 05 1997 09:04 | 13 |
technically, this answer is "not supported", because we don't test for this (no call for it - you are the first). unofficially, if the client/server use IP addresses to communicate, it'll work. If not, nope. try it. If it works, you are ahead. if not, well, try something else, perhaps with a supported configuration. Hmmm, perhaps tunneling could help. Lastly - it is most unusual that a server would be on one side of the firewall, and the client(s) on the other. I mean, the data is either "secure" (or sensitive) and being backed up to a non-sensitive site (or vice-versa), so at first blush, this makes no sense to me. | |||||
| 384.2 | DECWET::FARLEE | Insufficient Virtual um...er.... | Wed Feb 05 1997 10:02 | 18 | |
Actually, I have heard of a few cases like this, and yes, it can make sense: Many folks maintain a node outside their firewall to publish information to the "outside world". The data there is valuable, but not irreplaceable. Still it would be easier to simply run recover than to run around and re-assemble data from wherever it came from. I have not had a chance (yet) to experiment, although I recently got my hands on the kit. The reports I've heard is that AltaVista Tunnel goes through some sort of re-keying process every 30 minutes, and tends to drop NetWorker sessions at that point. Possibly this could be configured around, possibly not. I will look at it as I get "spare" time. (note: with my schedule lately, that may take awhile!!) In the meantime, as Bruce said, it is unsupported. Kevin | |||||
| 384.3 | The point is force client and server to use a dedicated TCP-Port | COL01::LOPEZ | Arturo Lopez drinks K�lsch at Cologne | Thu Feb 06 1997 04:43 | 25 |
The Problem with this configuration is that networker uses random TCP-Ports to save the data. In this case you can not use a generic proxy. You must open a big hole in the packet filter and allow all tcp ports from the client to server. My question is: How can I force the server and the client to use always the same tcp port for the data and commands communication ? Any help appreciated. Arturo P. S. Some hints to make your WWW-Server secure. - Start the port mapper only during the back up with cron. Port mapper is very unsecure. - Define Access lists on your internet router to forbid everything but the services you need. I'm sure aou will never need a port mapper connection to the internet. | |||||
| 384.4 | you are asking a tunnel question now... | DECWET::EVANS | Be a Point Of Light! | Thu Feb 06 1997 10:12 | 4 |
re: NetWorker allowing floating TCP ports - sorry, not designed to do that. this floating TCP stuff is tunnel/firewall related. Ask in that conference, please. You'll get way better service. | |||||