cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

How to configure client backup,which was behind firewall

we have netbackup 6.5 installed (Master server and media server) in the same network.
Now we need to take backup of the client which was in different network(seperated by firewall)
We have enabled the netbackup ports in the firewall.
Now the client was able to communicate with server(pinging,telnet)
But from server side it is not communicating.
Please provide the solution.
1 Solution

Accepted Solutions
Highlighted
Accepted Solution!

actually it's this link

ftp://exftpp.symantec.com/pub/support/products/NetBackup_Enterprise_Server/281623.pdf

VERITAS NetBackup™
Port Usage
UNIX, Windows, and Linux
(apparently it hasn't changed from 6.0)


master -> 6.0 client
vnetd/13724
6.0 client -> master
vnetd/13724

View solution in original post

9 Replies

Firewall ports

Can you confirm what ports were opened and was the port opening uni-directional or bidirectional?

Highlighted

Also does bpclntcmd work from

Also does bpclntcmd work from the client and the media/master server

bpclntcmd: -sv
bpclntcmd: -pn
bpclntcmd: -self
bpclntcmd: -hn <hostname>
bpclntcmd: -server <NBU master>
bpclntcmd: -ip <ipaddress>
bpclntcmd: -gethostname

Highlighted

bpcd 13782/tcp bprd

bpcd 13782/tcp
bprd 13720/tcp
vnetd 13724/tcp
vopied 13783/tcp
bpdbm 13721/tcp
bpjobd 13723/tcp
bpjava-msvc 13722/tcp
NB_dbsrv 13785/tcp
vmd 13701/tcp
tldcd 13711/tcp
tl8cd 13705/tcp
tl4d 13713/tcp
tlmd 13716/tcp
tlhcd 13717/tcp
acsd 13702/tcp

Highlighted

Thanks for responding,Ports


 

Highlighted

Client OS and Media Master server OS

Hi Isat,

Whats the OS running on the Client server and the master/media server. If the client is running Linux is xinetd running on there. If yes have you added the relevant services to hosts.allow?

edit /usr/openv/netbackup/bp.conf to include the line:
ALLOW_NON_RESERVED_PORTS = yes

If the file /etc/hosts.allow exists then these entries will need to be appended to it:
bpcd: 10.
vopied: 10.
bprd: 10.
vnetd: 10.


The ports are sufficient for client backups to work if you want to be secure.

13720
13721
13724
  • On the client:

netstat -a | grep bpcd

bpcd is the daemon that listens for netbackup requests. It must be running.

  • Hostname resolution consistency is very important in netbackup, and it's one of the first things worth checking if netbackup can't connect to the new client. Netbackup provides the command /usr/openv/netbackup/bin/bpclntcmd to check DNS through netbackup.
  • On the master server:

telnet <client> bpcd
Check for firewall, or if netbackup itself is closing the connection.

  • On Redhat, you may need to install compat-libstdc++-296-2.96-132.7.2.i386.rpm. On x86 architecture, install libgcc-3.4.6-8.i386.rpm first.
  • On Linux, you may also need to install and/or start xinetd - don't forget to use chkconfig to ensure it starts on boot

Host Properties -> Master Servers -> right-click hambck01 and select 'Properties'

Select Firewall, click Add, enter hostname, click Add then Close. Client will be added to the bottom of the list. Select the new client, and change the attributes to match the other clients, ie:

Select Connect Options tab, and in BPCD connect back, select 'VNETD port'
In Ports, select 'Connect on non-reserved port'
Daemon Connection - 'VNETD port'

Can you confirm if this works after using the above steps.
Highlighted

Port usage guide

Check the port usage guide.

ftp://exftpp.symantec.com/pub/support/products/NetBackup_Enterprise_Server/276504.pdf
Highlighted

Client and media,master

Client and media,master servers are running on  windows 2003 OS
Highlighted
Accepted Solution!

actually it's this link

ftp://exftpp.symantec.com/pub/support/products/NetBackup_Enterprise_Server/281623.pdf

VERITAS NetBackup™
Port Usage
UNIX, Windows, and Linux
(apparently it hasn't changed from 6.0)


master -> 6.0 client
vnetd/13724
6.0 client -> master
vnetd/13724

View solution in original post

Highlighted

Firewall ports uni-directiona or bi-directional?

You didnt confirm if the ACL's were applied uni-directional or bi-directional if it was Uni-directional then can you get them changed to bi-directional for the ports 13720 13721 and 13724.