[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] RE: Raq3 Mysterious Death & Backup
- Subject: [cobalt-users] RE: Raq3 Mysterious Death & Backup
- From: Chae <chae@xxxxxxxxxxxx>
- Date: Fri Oct 11 04:11:00 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi Yah,
Just when you thought you'd heard the last of me :)
Well two nights on the trot backups transferred no problem then tonight the
same problem wouldn't transfer all the files across via FTP.
I'm at a loss now and probably looking at paying someone to resolve this
issue :(
I've tried about half a dozen different IPChains rules to see if this will
solve the issue but no chance...
Here's what I've used:
Original Rules:
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 21 -d 0.0.0.0/0.0.0.0
1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 20 -d 0.0.0.0/0.0.0.0
1024:65535 -i eth0 -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 21 -d 0.0.0.0/0.0.0.0
1024:65535 -i eth0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 20 -d 0.0.0.0/0.0.0.0
1024:65535 -i eth0 -p tcp -j ACCEPT
Other rules tried:-
/sbin/ipchains -A output -s 0.0.0.0/0.0.0.0 20 -d 0.0.0.0/0.0.0.0
1024:65535 -i eth0 -p udp -j ACCEPT (doesn't accept udp as an input chain)
/sbin/ipchains -A input -i eth0 -p tcp --dport ftp -j ACCEPT
/sbin/ipchains -A input -i eth0 -p tcp --dport ftp-data -j ACCEPT
/sbin/ipchains -A output -i eth0 -p tcp --dport ftp-data -j ACCEPT
/sbin/ipchains -A input -i eth0 -p tcp --dport 20:21 -j ACCEPT
/sbin/ipchains -A output -i eth0 -p tcp --dport 20 -j ACCEPT
If anyone's using raqbackup.sh on a RaQ3 FTP'ing to a backup server on
their NOC's network and using IPChains can they either post or email me a
copy of their FTP rules so I can see where I'm going wrong. I still can't
understand why it allowed the backups to transfer two nights running but
tonight my logs show:
Oct 11 23:39:22 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23959 F=0x4000 T=64 SYN
(#35)
Oct 11 23:39:25 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23961 F=0x4000 T=64 SYN
(#35)
Oct 11 23:39:31 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23962 F=0x4000 T=64 SYN
(#35)
Oct 11 23:39:43 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23963 F=0x4000 T=64 SYN
(#35)
Oct 11 23:40:07 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23964 F=0x4000 T=64 SYN
(#35)
Oct 11 23:40:55 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23965 F=0x4000 T=64 SYN
(#35)
Oct 11 23:42:31 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23966 F=0x4000 T=64 SYN
(#35)
Oct 11 23:44:31 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=23967 F=0x4000 T=64 SYN
(#35)
Oct 11 23:46:31 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=24051 F=0x4000 T=64 SYN
(#35)
Oct 11 23:48:31 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=24055 F=0x4000 T=64 SYN
(#35)
Oct 11 23:50:31 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=24056 F=0x4000 T=64 SYN
(#35)
Oct 11 23:52:31 ns kernel: Packet log: input DENY eth0 PROTO=6
backup-server-ip:20 my-server-ip:2000 L=60 S=0x00 I=24057 F=0x4000 T=64 SYN
(#35)
Regards
Chae