Port number 1556 for netbackup client is not listening
- 9 years ago
This should help:
```
# save existing ruleset...
ls -lash /etc/sysconfig/iptables*
cp -pv /etc/sysconfig/iptables{,.$(date "+%F_%T")}
ls -lash /etc/sysconfig/iptables*

# add NetBackup ports...
iptables -N NBU-IN
iptables -A NBU-IN -p tcp -m multiport -s 10.0.1.0/24,192.168.1.0/24 --dports 1556,13724 -j ACCEPT
iptables -I INPUT -j NBU-IN

# save the tables...
ls -lash /etc/sysconfig/iptables*
service iptables save
ls -lash /etc/sysconfig/iptables*
```
In the example above "-m multiport" is used because we are adding a rule for two ports "--dports 1556,13724".
In the example above, two different /24 subnets are being allowed to reach the client. You may only need one for your configuration.
N.B: Some advice. Read the man page for iptables, as there is a difference between '-A' adding an entry at the tail of iptables, and '-I' inserting an entry at the head of iptables. i.e. inserting to the top/head means the new rules will be evaluated first, whereas adding (appending) to the list means they will be evaluated last. And so, if you were to 'add/append' your new rule after an existing generic drop rule, then your new rule will never be evaluated... and so we avoid this problem by 'inserting' our rule/set for NetBackup Client at the top, so that it is evaluated before any other rules.
One could argue that this is ok *IF* the volume of backup traffic outweighs any other application traffic. A "purist" admin would check the volumes of traffic for all applications on a server, and ensure that the "order" of rules matches the most likely highest frame rates, i.e. the busiest and most chatty and most volumetric applications - remember MB/s is not the indicator for FW rule order, it is ethernet frames/sec over a period of "run window" or period of "application intensity" which should dictate your iptables firewall rule order.
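
The '-A' versus '-I' point above can be checked against a saved or live ruleset. The following is an added example, not part of the original post: a shell function that reads `iptables -S INPUT` style output and reports whether the jump to NBU-IN is evaluated before any match-all DROP/REJECT rule. The function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Reads `iptables -S INPUT` style output on stdin and reports whether the jump
# to the given chain (default NBU-IN) is evaluated before any match-all
# DROP/REJECT rule: prints "reachable", "shadowed" or "missing".
nbu_jump_status() {
    awk -v chain="${1:-NBU-IN}" '
        $1 != "-A" || $2 != "INPUT" { next }   # ignore -P/-N lines and other chains
        { n++ }                                 # position of this rule within INPUT
        !jump {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == chain) jump = n
        }
        # "-A INPUT -j DROP|REJECT" has no match options, so every packet that
        # gets this far stops here and later rules are never evaluated.
        !block && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { block = n }
        END {
            if (!jump) print "missing"
            else if (block && block < jump) print "shadowed"
            else print "reachable"
        }'
}

# Constructed sample: ruleset after `iptables -I INPUT -j NBU-IN` (jump at the head).
sample_inserted() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -j NBU-IN
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed sample: the same ruleset if `-A INPUT -j NBU-IN` had been used instead.
sample_appended() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j NBU-IN
EOF
}

printf 'inserted: %s\n' "$(sample_inserted | nbu_jump_status)"
printf 'appended: %s\n' "$(sample_appended | nbu_jump_status)"
```

On a live client, run it as root with `iptables -S INPUT | nbu_jump_status`.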