Do you have a special "backup" network? If it's accessible on (say) eth1, then:
iptables -I INPUT -p tcp -i eth1 --dport 5555 -j ACCEPT
Or, if you want to restrict a client so that it only receives connections from the cell manager (if the cell manager has an IP address of 192.168.200.100):
iptables -I INPUT -p tcp -s 192.168.200.100 --dport 5555 -j ACCEPT
You could get the same effect by adding an only_from parameter in /etc/xinetd.d/omni or by turning on cell security.
If the client also has tape drives (or the robotic control for a tape library) attached then you will need to open up a range of port numbers. Here I've allowed 10 concurrent connections, which would be appropriate for a 9-drive tape library with a robotic controller:
test -e /opt/omni/.omnirc || cp /opt/omni/.omnirc.TMPL /opt/omni/.omnirc
echo OB2PORTRANGESPEC=xMA-NET:18000-18009 >> /opt/omni/.omnirc
for port in 18000 18001 18002 18003 18004 18005 18006 18007 18008 18009
do
    iptables -I INPUT -p tcp --dport $port -j ACCEPT
done
And if you are running the StoreOnce software component on this Linux machine, then you will need ports 9387 and 9388 (unless you have changed them).
iptables -I INPUT -p tcp --dport 9387 -j ACCEPT
iptables -I INPUT -p tcp --dport 9388 -j ACCEPT
Finally, save it for the next reboot:
service iptables save
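The rules above gathered into one script, as an added example that is not part of the original post: it derives the firewall range and the matching OB2PORTRANGESPEC line from the same two numbers, and guards each rule with iptables -C so that re-running it does not stack duplicates. The function names are hypothetical, the sample values are the ones used above, and the installed iptables is assumed to support -C.

```shell
#!/bin/sh
# Added example: prints the rules from this post as one re-runnable script.
# Function names are hypothetical; sample values are the ones used in the post.
# Assumes the installed iptables supports -C (check whether a rule exists).

# Print "first-last" for COUNT concurrent connections starting at FIRST.
dp_port_range() {
    first=$1; count=$2
    last=$((first + count - 1))
    if [ "$count" -lt 1 ] || [ "$first" -lt 1 ] || [ "$last" -gt 65535 ]; then
        echo "invalid port range: $count ports from $first" >&2
        return 1
    fi
    echo "$first-$last"
}

# Print a command that inserts the rule only when it is not already loaded,
# so running the script twice does not stack duplicate ACCEPT rules.
dp_rule() {
    echo "iptables -C INPUT $* 2>/dev/null || iptables -I INPUT $*"
}

# Print the whole rule set: port 5555 from the cell manager only, the
# tape-drive port range as a single rule, and the two StoreOnce ports.
dp_ruleset() {
    cm=$1
    range=$(dp_port_range "$2" "$3") || return 1
    dp_rule -p tcp -s "$cm" --dport 5555 -j ACCEPT
    dp_rule -p tcp --dport "${range%-*}:${range#*-}" -j ACCEPT
    dp_rule -p tcp --dport 9387 -j ACCEPT
    dp_rule -p tcp --dport 9388 -j ACCEPT
    # The .omnirc entry must name the same range the firewall opens.
    echo "# .omnirc: OB2PORTRANGESPEC=xMA-NET:$range"
}

# Review the output first; pipe it to sh as root to apply it.
dp_ruleset 192.168.200.100 18000 10
```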
Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published books on HP Data Protector (http://x.ifost.org.au/dp-book). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector