Symandreck Backup Exex + SUSE 10.3 & Firewall

Hi,

I have a virtualized linux box here running under openSUSE 10.3. The box is placed in the DMZ as a LAMP+TYPO3-System.

In the network we have Symandreck Backup Exec 12 (64Bit) running under Windows 2003 Server. Now I installed the agent (it is mandatory to install libstdc++.so.5 too as otherwise VRTSralus won’t be able to start!).

Now I need to know how I have to configure the firewall on the linux box to get it backed up by BE. I just tried it with running firewall, but this fails so I turned the firewall off and then the backup is possible.

Maybe someone could help me which protocols and ports I have to open to allow the communictaion between the BE-media server (192.168.0.136) and my linux box (192.168.129.5).

Thanks in advance!

What I did so far is to enter a custom rule via YaST:

YaST -> Security and Users -> Firewall -> Custom Rules

Zone: External Zone

Source Network: 192.168.0.136
Protocol: TCP
Destination Port: ndmp (10000)
Source Port: ndmp (10000)

and

Source Network: 192.168.0.136
Protocol: TCP
Destination Port: 6103
Source Port: 6103

Symandreck published a documentation here that covers the ports. But unfortunately I don’t understand which other ports must be opened beside tcp/10000 and tcp/6103. BTW: I don’t have webmin installed on that box, so port 10000 should be not in use by any other service.

What I forgot to mention:
Communnication between the BE-Server and the Linux-box is possible when shutting down the firewall. So there is not a general problem with the installation I think.

In the meantime removed the upper custom rules from the firewall and replaced it with:

Source Network: 192.168.0.136
Protocol: TCP
Destination Port: 1025-42000
Source Port: 1025-42000

(The info-text states to enter portranges like 1025:42000, but inputs with a colon are not accepted by YaST!?)

The reason for port 42000 is, that BE is set up to use a port range of 41000-42000.

But it does not work. The firewall drops the packages:

Oct 17 13:54:05 FOOBAR kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:FO:OB:AR:FO:OB:AR:FO:OB:AR:FO:OB:AR:FO SRC=192.168.0.136 DST=192.168.129.5 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=12088 DF PROTO=TCP SPT=3895 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)

For me it is very strange :slight_smile:

Hi
I would look at using a packet capture program like wireshark or
tcpdump with the firewall down just to see what is happening and what
ports the application is connecting too.


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.0 x86 Kernel 2.6.25.16-0.1-default
up 7:46, 1 user, load average: 0.31, 0.59, 0.36
GPU GeForce 6600 TE/6200 TE - Driver Version: 177.80

I don’t know why, but in the meantime it is working without having changed anything at the firewall beside the details given above.

But for any reason it is not possible to backup the system. I can select paths and files from the BE-server to be backed up (with firewall on and off), but when I try to backup the files, the job will be queued and nothing happens then :frowning:

So I run a log on the beremote:

b695a6c0 Fri Oct 17 15:45:09 2008 : Starting BE Remote Agent
b695a6c0 Fri Oct 17 15:45:09 2008 : Log file: 20081017-beremote.log001
b695a6c0 Fri Oct 17 15:45:09 2008 : No configuration file specified.  Using default.
b695a6c0 Fri Oct 17 15:45:09 2008 : Log to console: disabled
b695a6c0 Fri Oct 17 15:45:09 2008 : Successfully set the supplementary groups of the process
b695a6c0 Fri Oct 17 15:45:09 2008 : Initialized locks for SSL callbacks
b695a6c0 Fri Oct 17 15:45:09 2008 : Starting NDMP processor
b695a6c0 Fri Oct 17 15:45:09 2008 : NDMPDMainThreadFunc spawned: grpid=1, tid=-1231942768
b6920b90 Fri Oct 17 15:45:09 2008 : FS_InitFileSys
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsnt5.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedssql2.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsxchg.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsxese.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsmbox.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedspush.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsnote.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsmdoc.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedssps2.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedssps3.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsupfs.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsshadow.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsoffhost.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   loaded libbedsvx.so
b6920b90 Fri Oct 17 15:45:09 2008 :   loaded libbedsrman.so
b6920b90 Fri Oct 17 15:45:09 2008 :   loaded libbedssms.so
b6920b90 Fri Oct 17 15:45:09 2008 :   loaded libbedssmsp.so
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsra.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   libbedsdb2.so could not be loaded: 0x       2 (2)
b6920b90 Fri Oct 17 15:45:09 2008 :   loaded libbedsedir.so
b6920b90 Fri Oct 17 15:45:09 2008 : Initializing FSs
b6920b90 Fri Oct 17 15:45:09 2008 : FS 1 failed to initialize: 0xE000FE46
b6920b90 Fri Oct 17 15:45:09 2008 : Function called: RMAN_InitFileSys
b6920b90 Fri Oct 17 15:45:09 2008 : Using 'UTF-8' Encoding.
b6920b90 Fri Oct 17 15:45:09 2008 : 	 VXMS Initialization OK.
b6920b90 Fri Oct 17 15:45:09 2008 : Detected Mounted Filesystem: type <ext3> mounted at </>
b6920b90 Fri Oct 17 15:45:09 2008 : Detected Mounted Filesystem: type <proc> mounted at </proc>
b6920b90 Fri Oct 17 15:45:09 2008 : Detected Mounted Filesystem: type <sysfs> mounted at </sys>
b6920b90 Fri Oct 17 15:45:09 2008 : Detected Mounted Filesystem: type <debugfs> mounted at </sys/kernel/debug>
b6920b90 Fri Oct 17 15:45:09 2008 : Detected Mounted Filesystem: type <tmpfs> mounted at </dev>
b6920b90 Fri Oct 17 15:45:09 2008 : Detected Mounted Filesystem: type <devpts> mounted at </dev/pts>
b6920b90 Fri Oct 17 15:45:09 2008 : Detected Mounted Filesystem: type <securityfs> mounted at </sys/kernel/security>
b6920b90 Fri Oct 17 15:45:09 2008 : Successfully resolved the "ndmp" service to port: 10000 (host order)
b6920b90 Fri Oct 17 15:45:09 2008 : @@@@@@@MyCloseSocket called with sockfd = 6(0x6)	retval = 0
b6920b90 Fri Oct 17 15:45:09 2008 : @@@@@@@MyCloseSocket called with sockfd = 7(0x7)	retval = 0
b6920b90 Fri Oct 17 15:45:09 2008 : @@@@@@@MyCloseSocket called with sockfd = 8(0x8)	retval = 0
b6920b90 Fri Oct 17 15:45:09 2008 : BETCPListener::BETCPListener: This system appears to be a Dual IP system
b6920b90 Fri Oct 17 15:45:09 2008 : BETCPListener::BETCPListener: Successfully set the IPV6_V6ONLY option, this listener may behave as Dual Stack listener
b6920b90 Fri Oct 17 15:45:09 2008 : Started NDMP Listener on port 10000
b586ab90 Fri Oct 17 15:45:19 2008 : NrdsAdvertiserThread: advertisement cycle started.
b586ab90 Fri Oct 17 15:45:19 2008 : RMAN_EnumSelfDLE: AgentConfig GetOracleDBNames returned error. If Oracle Agent is installed, please run AgentConfig.
b586ab90 Fri Oct 17 15:45:19 2008 : NrdsAdvertiserThread: EnumSelfDLE for file system 14 returned 0(0x0) and 0 DLEs
b586ab90 Fri Oct 17 15:45:19 2008 : BENetConfigEx: Successfully refreshed adapter information.
b586ab90 Fri Oct 17 15:45:19 2008 : NrdsAdvertiserThread: EnumSelfDLE for file system 22 returned 0(0x0) and 1 DLEs
b586ab90 Fri Oct 17 15:45:19 2008 : NrdsAdvertiserThread: Nrds Message Len : 148.
b586ab90 Fri Oct 17 15:45:19 2008 : VX_RemoveDLE: DestroyDLE()
b586ab90 Fri Oct 17 15:45:19 2008 : ConnectToServerEndPoint: dest=BAR.FOO.BAR, service=6101
b586ab90 Fri Oct 17 15:45:19 2008 : CreateConnection type=0 on socket 6 via BESocket OK
b586ab90 Fri Oct 17 15:45:19 2008 : NrdsAdvertiserThread: send of FOO.BAR.LOCAL type 22 subtype 0 to target=BAR.FOO.BAR port=6101 succeeded
b586ab90 Fri Oct 17 15:45:19 2008 : ConnectToServerEndPoint: dest=192.168.0.136, service=6101
b586ab90 Fri Oct 17 15:45:19 2008 : CreateConnection type=0 on socket 6 via BESocket OK
b586ab90 Fri Oct 17 15:45:19 2008 : NrdsAdvertiserThread: send of FOO.BAR.LOCAL type 22 subtype 0 to target=192.168.119.0 port=6101 succeeded
b586ab90 Fri Oct 17 15:45:19 2008 : NrdsAdvertiserThread: advertisement cycle complete.  Waiting 240 minutes before advertising again.
b5069b90 Fri Oct 17 15:45:24 2008 : NrdsAdvertiserThread: negative (purge) advertisement cycle started.
b5069b90 Fri Oct 17 15:45:24 2008 : NrdsAdvertiserThread: no purge is pending.
b5069b90 Fri Oct 17 15:45:24 2008 : NrdsAdvertiserThread: negative (purge) advertisement cycle complete.  Waiting 240 minutes before advertising again.

Does no one have an idea what’s going wrong?

When I choose the ‘Test run’-option (as I have a german localized BE I am not sure what it is called in the international version, in German the word is ‘Probelauf’) at the media server, Backup Exec states that all is OK and it passes the test without problems.

But when I start the backup, the task goes active and will be queued immediately (Status in German: ‘In der Warteschlange’). After some time the task will be stopped due to a time-out and no data is transferred between the media server and Linux-box. There are no other backuptasks active at the mediaserver and bot slots of the tape-library a free. Tapes are available too and it fails also if I try to back up to disk. Other backup-jobs are running quite well.

I tried this with stopped firewall as well as with a running one, but this does not have any effect.

At the media server the file system of the Linux box is visible and I can choose files or directories that should be backed up, so there is a connection between the media server and the Linux-box.