
Re: IPTABLES configuration for tarsnap



Hello,

Problem was fixed now with the help of Colin. Actual rules are now:

$FW -A INPUT -i eth0 -p tcp --sport 9279 -m state --state ESTABLISHED,RELATED -j ACCEPT
$FW -A OUTPUT -o eth0 -p tcp --dport 9279 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

They are not as restrictive as I wish (accepting on every port where 
source port is 9279) but it is working.

Regards,

Max
On Thu Sep 29 15:00:24 2011, Daniel Staal wrote:
>
> On Wed, September 28, 2011 1:20 pm, Max Hennig wrote:
>> Hello,
>>
>> I have configured my iptables rules the following way:
>>
>> $FW -A INPUT -i eth0 -p tcp --dport 9279 -m state --state ESTABLISHED,RELATED -j ACCEPT
>> $FW -A OUTPUT -o eth0 -p tcp --sport 9279 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>> As the port 9279 was described somewhere on the tarsnap website but I
>> can't find it anymore. It looks like I was missing something as these
>> rules do not seem to be enough because I still get errors from tarsnap
>> saying:
>>
>> tarsnap: Too many network failures
>>
>> Does anyone know what exactly is required by tarsnap or maybe send me
>> his iptables configuration (only those parts regarding tarsnap).
>
> How quickly do you get those errors?  That's tarsnap's generic 'network
> problems' error, and the problem could be anywhere between you and the
> remote server.  (I even get the feeling that it doesn't have to be
> *anywhere* in particular: I'm not sure the failure count resets after any
> amount of time, so if you are uploading a large enough backup set, even
> normal amounts of network errors will eventually cause this.)
>
> Daniel T. Staal
>
> ---------------------------------------------------------------
> This email copyright the author.  Unless otherwise noted, you
> are expressly allowed to retransmit, quote, or otherwise use
> the contents for non-commercial purposes.  This copyright will
> expire 5 years after the author's death, or in 30 years,
> whichever is longer, unless such a period is in excess of
> local copyright law.
> ---------------------------------------------------------------
>
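
Added example (not part of the original messages): a simplified Python model of `-m state` matching. It shows why the first rule set drops an outgoing connection to port 9279 while the corrected one passes it, and that a new inbound packet with source port 9279 does not match the ESTABLISHED,RELATED rule. The addresses, the ephemeral port 40000 and all class and function names are assumptions; the interface and protocol matches are omitted and RELATED is not modelled.

```python
from dataclasses import dataclass

EST = {"ESTABLISHED", "RELATED"}
PORT = 9279  # port from the rules on this page

@dataclass
class Rule:
    chain: str    # "INPUT" or "OUTPUT"
    match: str    # "sport" or "dport"
    port: int
    states: set

@dataclass
class Packet:
    chain: str
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Default-DROP chains plus a minimal connection-tracking table."""
    def __init__(self, rules):
        self.rules, self.flows = rules, {}  # flows: original tuple -> reply seen?

    def handle(self, p):
        fwd, rev = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        state = "ESTABLISHED" if rev in self.flows or self.flows.get(fwd) else "NEW"
        for r in self.rules:
            if r.chain == p.chain and getattr(p, r.match) == r.port and state in r.states:
                if rev in self.flows:
                    self.flows[rev] = True          # a reply confirms the flow
                else:
                    self.flows.setdefault(fwd, False)  # track the accepted first packet
                return "ACCEPT"
        return "DROP"

ORIGINAL = [Rule("INPUT", "dport", PORT, EST), Rule("OUTPUT", "sport", PORT, EST | {"NEW"})]
FIXED = [Rule("INPUT", "sport", PORT, EST), Rule("OUTPUT", "dport", PORT, EST | {"NEW"})]

# Constructed sample traffic (documentation addresses, arbitrary ephemeral port).
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.7"
SYN = Packet("OUTPUT", CLIENT, 40000, SERVER, PORT)       # client opens the connection
SYNACK = Packet("INPUT", SERVER, PORT, CLIENT, 40000)     # server's reply
UNSOLICITED = Packet("INPUT", OTHER, PORT, CLIENT, 22)    # no tracked flow behind it

def run(rules, packets):
    """Feed packets through a fresh firewall and return each verdict."""
    fw = Firewall(rules)
    return [fw.handle(p) for p in packets]
```
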