[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPTABLES configuration for tarsnap

To: Daniel Staal <dstaal@usa.net>
Subject: Re: IPTABLES configuration for tarsnap
From: Max Hennig <maximilianrh@googlemail.com>
Date: Thu, 29 Sep 2011 15:08:31 +0200
Cc: tarsnap-users@tarsnap.com
In-reply-to: <d7a4453abb4127691a1fb6df55387204.squirrel@www.magehandbook.com>
References: <4E835767.8070507@googlemail.com> <d7a4453abb4127691a1fb6df55387204.squirrel@www.magehandbook.com>

Hello,

Problem was fixed now with the help of Colin. Actual rules are now:

$FW -A INPUT -i eth0 -p tcp --sport 9279 -m state --state 
ESTABLISHED,RELATED -j ACCEPT
$FW -A OUTPUT -o eth0 -p tcp --dport 9279 -m state --state 
NEW,ESTABLISHED,RELATED -j ACCEPT

They are not as restrictive as I whish (accepting on every port where 
source port is 9279) but it is working.

Regards,

Max
Am Thu Sep 29 15:00:24 2011 schrieb Daniel Staal:
>
> On Wed, September 28, 2011 1:20 pm, Max Hennig wrote:
>> Hello,
>>
>> I have configured my iptables rules the following way:
>>
>> $FW -A INPUT -i eth0 -p tcp --dport 9279 -m state --state
>> ESTABLISHED,RELATED -j ACCEPT
>> $FW -A OUTPUT -o eth0 -p tcp --sport 9279 -m state --state
>> NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>> As the port 9279 was described somewhere on the tarsnap website but I
>> can't find it anymore. It looks like I was missing something as these
>> rules do not seem to be enough because I still get errors from tarsnap
>> saying:
>>
>> tarsnap: Too many network failures
>>
>> Does anyone know what exactly is required by tarsnap or maybe send me
>> his iptables configuration (only those parts regarding tarsnap).
>
> How quickly do you get those errors?  That's tarsnap's generic 'network
> problems' error, and the problem could be anywhere between you and the
> remote server.  (I even get the feeling that it doesn't have to be
> *anywhere* in particular: I'm not sure the failure count resets after any
> amount of time, so if you are uploading a large enough backup set, even
> normal amounts of network errors will eventually cause this.)
>
> Daniel T. Staal
>
> ---------------------------------------------------------------
> This email copyright the author.  Unless otherwise noted, you
> are expressly allowed to retransmit, quote, or otherwise use
> the contents for non-commercial purposes.  This copyright will
> expire 5 years after the author's death, or in 30 years,
> whichever is longer, unless such a period is in excess of
> local copyright law.
> ---------------------------------------------------------------
>

References:
- IPTABLES configuration for tarsnap
  - From: Max Hennig <maximilianrh@googlemail.com>
- Re: IPTABLES configuration for tarsnap
  - From: "Daniel Staal" <DStaal@usa.net>

Prev by Date: Re: IPTABLES configuration for tarsnap
Next by Date: Key file passphrase
Previous by thread: Re: IPTABLES configuration for tarsnap
Next by thread: Key file passphrase
Index(es):
- Date
- Thread