Forum Discussion

YC's avatar
YC
Level 4
9 years ago

Port number 1556 for netbackup client is not listening

Hi,

We have a RedHat Linux version 7.2 running Netbackup client 7.6.1. The RHEL is running as wm in vmware.

Correct me that port number 1556, 13724 and 13782 shall be listening? Please refer below, port number 1556 is not listening. How to rectify the problem?

$ netstat -a | egrep 'bpcd|vnetd'
tcp        0      0 0.0.0.0:bpcd            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:vnetd           0.0.0.0:*               LISTEN     
unix  2      [ ACC ]     STREAM     LISTENING     18061    /usr/openv/var/vnetd/terminate
_vnetd.uds
unix  2      [ ACC ]     STREAM     LISTENING     18112    /usr/openv/var/vnetd/terminate
_bpcd.uds
unix  2      [ ACC ]     STREAM     LISTENING     18121    /usr/openv/var/vnetd/bpcd.uds

$ netstat -an | grep 1556  <<< nothing in return

$ netstat -an | grep 13724
tcp        0      0 0.0.0.0:13724           0.0.0.0:*               LISTEN     

$ netstat -an | grep 13782
tcp        0      0 0.0.0.0:13782           0.0.0.0:*               LISTEN  

$ ps -ef | egrep 'vnetd|bpcd'
root      1638     1  0 Mar23 ?        00:00:00 /usr/openv/netbackup/bin/vnetd -standalone
root      1675     1  0 Mar23 ?        00:00:00 /usr/openv/netbackup/bin/bpcd -standalone

Thanks in advance

  • This should help:

    # save existing ruleset...
    ls -lash /etc/sysconfig/iptables*
    cp -pv   /etc/sysconfig/iptables{,.$(date "+%F_%T")}
    ​ls -lash /etc/sysconfig/iptables*
    
    # add NetBackup ports...
    iptables -N NBU-IN
    iptables -A NBU-IN -p tcp -m multiport -s 10.0.1.0/24,192.168.1.0/24 --dports 1556,13724 -j ACCEPT
    iptables -I INPUT -j NBU-IN
    
    # save the tables...
    ls -lash /etc/sysconfig/iptables*
    service iptables save
    ls -lash /etc/sysconfig/iptables*
    

    .

    In the example above "-m multiport" is used because we are adding a rule for two ports "--dports 1556,13724".

    In the example above, two different /24 subnets are being allowed to reach the client.  You may only need one for your configuration.

    .

    N.B:  Some advice.  Read the man page for iptables, as there is a difference between '-A' adding an entry at the tail of iptables, and '-I' inserting an entry at the head of iptables.   i.e. inserting to the top/head means the new rules will be evaluated first, whereas adding (appending) to the the list means they will be evaluated last.   And so, if you were to 'add/append' your new rule after an existing generic drop rule, then your new rule will never be evaluated... and so we avoid this problem by 'inserting' our rule/set for NetBackup Client at the top, so that it is evaluated before any other rules.

    One could argue that this is ok *IF* the volume of backup traffic outweighs any other application traffic.  A "purist" admin would check the volumes of traffic for all applications on a server, and ensure that the "order" of rules matches the mostly likely highest frame rates, i.e. the busiest and most chatty and most volumeric applications - remember MB/s is not the indicator for FW rule order, it is ethernet frames/sec over a period of "run window" or period of "application intensity" which should dictate your iptables firewall rule order.