--hi, bacula returns this error message:
06-juin 14:56 Bacula-dir JobId 1569 : Warning: bsock.c:129 impossible to connect at Storage daemon on 192.168.1.15:9103. ERR=Connection failed i think i have a problem with my iptables rules but i don't know where, i need somebody help to resolve this problem. This is my iptables rules: #!/bin/sh # Script "iptables-start.sh" IPT="/sbin/iptables" INTERNET="eth0" echo "0" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/tcp_syncookies echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses $IPT -F $IPT -X $IPT -P INPUT DROP $IPT -P OUTPUT DROP $IPT -P FORWARD DROP $IPT -N BAD_PACKETS $IPT -t nat -F $IPT -t nat -X $IPT -t nat -P PREROUTING ACCEPT $IPT -t nat -P POSTROUTING ACCEPT $IPT -t nat -P OUTPUT ACCEPT $IPT -t mangle -F $IPT -t mangle -X $IPT -t mangle -P PREROUTING ACCEPT $IPT -t mangle -P INPUT ACCEPT $IPT -t mangle -P OUTPUT ACCEPT $IPT -t mangle -P FORWARD ACCEPT $IPT -t mangle -P POSTROUTING ACCEPT $IPT -P INPUT DROP $IPT -A FORWARD -o eth0 -j ACCEPT $IPT -A OUTPUT -o eth0 -j ACCEPT $IPT -A INPUT -i lo -j ACCEPT $IPT -A OUTPUT -o lo -j ACCEPT $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 20/s --limit-burst 100 -j ACCEPT $IPT -A OUTPUT -p icmp --icmp-type echo-request -m limit --limit 20/s --limit-burst 100 -j ACCEPT $IPT -A INPUT -p icmp --icmp-type redirect -j DROP $IPT -A INPUT -p icmp --icmp-type network-redirect -j DROP $IPT -A INPUT -p icmp --icmp-type TOS-network-redirect -j DROP $IPT -A INPUT -p icmp --icmp-type TOS-host-redirect -j DROP $IPT -A INPUT -p icmp -j ACCEPT $IPT -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT $IPT -A OUTPUT --match state --state RELATED,ESTABLISHED -j ACCEPT $IPT -A INPUT -p tcp --dport ssh -s 192.168.0.0/16 -d 0.0.0.0/0.0.0.0 -j ACCEPT $IPT -A OUTPUT -p tcp --sport ssh -s 192.168.0.0/16 -d 0.0.0.0/0.0.0.0 -j ACCEPT $IPT -A INPUT -p tcp --dport 80 -j ACCEPT $IPT -A INPUT -p udp --dport 5353 -j ACCEPT # port https $IPT -A INPUT -p tcp --dport 443 -j ACCEPT $IPT -A INPUT -p tcp --dport 137:139 -s 192.168.0.0/16 -i eth0 -j ACCEPT $IPT -A INPUT -p udp --dport 137:139 -s 192.168.0.0/16 -i eth0 -j ACCEPT $IPT -A INPUT -p tcp --dport 445 -s 192.168.0.0/16 -i eth0 -j ACCEPT # bacula rules $IPT -A OUTPUT -p tcp --dport 9102:9103 -o $INTERNET -m state --state NEW -j ACCEPT $IPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 9101:9103 -j ACCEPT $IPT -A INPUT -p tcp --dport 123 -j ACCEPT $IPT -A INPUT -p udp --dport 123 -j ACCEPT $IPT -A OUTPUT -p udp --dport 53 -o $INTERNET -m state --state NEW -j ACCEPT $IPT -A INPUT -i eth0 -p tcp --dport 3306 -s 192.168.1.15 -d 192.168.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPT -A OUTPUT -p tcp -s 192.168.0.0/16 --sport 3306 -d 192.168.1.15 -m state --state ESTABLISHED -j ACCEPT #Log $IPT -A INPUT -i eth0 -j LOG --log-level info --log-prefix "INPUT DROP: " $IPT -A OUTPUT -o eth0 -j LOG --log-level info --log-prefix "OUTPUT DROP: " $IPT -A FORWARD -o eth0 -j LOG --log-level info --log-prefix "FORWARD DROP: " $IPT -A INPUT -s 0.0.0.0/0.0.0.0 -j DROP $IPT -A OUTPUT -s 0.0.0.0/0.0.0.0 -j DROP $IPT -A FORWARD -s 0.0.0.0/0.0.0.0 -j DROP #Drop #Jump To BAD_PACKETS $IPT -A INPUT -j BAD_PACKETS $IPT -A BAD_PACKETS -p TCP ! --syn -m state --state NEW -j DROP $IPT -A BAD_PACKETS -p TCP --tcp-flags ALL ALL -j DROP $IPT -A BAD_PACKETS -p TCP --tcp-flags ALL NONE -j DROP $IPT -A BAD_PACKETS -p TCP --tcp-flags ALL SYN \-m state --state ESTABLISHED -j DROP $IPT -A BAD_PACKETS -p ICMP --fragment -j DROP $IPT -A BAD_PACKETS -m state --state INVALID -j DROP $IPT -A BAD_PACKETS -d 255.255.255.255 -j DROP $IPT -A BAD_PACKETS -j RETURN ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
