Open DaveAtFraud opened 8 months ago
Hey @DaveAtFraud,
Thank you for reporting this.
I will check with the Amanda team and get back to you on this.
I will document the list of allowed ports or port ranges and push it to wiki.zmanda.com for future reference.
Hey @DaveAtFraud,
I want to understand your problem a little better.
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20436
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: security_streaminit(stream=0x558f5c39a140, driver=0x7f2f1fe2a720 (BSD))
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server opening socket with family 2 (requested family was 2)
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: send buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: receive buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20437: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20437
These are server logs, right? Is the server amandabackup user on your new machine a privileged root user? [Edit] because if it's not root, it will try to use unreserved ports [\Edit]
So I reviewed the code. If you're not a privileged user, we use unreserved ports between 1024 and 65535.
If you can confirm, I will add this piece of information into the documentation.
I'm getting ready to do some hardware and OS (CentOS 7 -> Rocky 9) improvements that include my amanda server. I have cut in a temporary amanda server as part of this process with both the old and new server currently running in parallel at different times so there is no conflict. I'm seeing apparently random backup failures of some hosts. I traced this to the amanda client attempting to open some ports to the amanda server. What I see in the amanda debug logs is:
Sat Nov 11 18:15:08 2023: thd-0x55fa2bd08e00: amandad: dgram_send_addr(addr=0x55fa2bd12b70, dgram=0x7f744b4a97c8)
Sat Nov 11 18:15:08 2023: thd-0x55fa2bd08e00: amandad: (sockaddr_in *)0x55fa2bd12b70 = { 2, 778, 192.168.0.4 }
Sat Nov 11 18:15:08 2023: thd-0x55fa2bd08e00: amandad: dgram_send_addr: 0x7f744b4a97c8->socket = 0
Sat Nov 11 18:15:18 2023: thd-0x55fa2bd08e00: amandad: timeout
Sat Nov 11 18:15:18 2023: thd-0x55fa2bd08e00: amandad: timeout waiting for ACK for our REP
Sat Nov 11 18:15:18 2023: thd-0x55fa2bd08e00: amandad: security_close(handle=0x55fa2bd12b30, driver=0x7f744b48c720 (BSD))
Sat Nov 11 18:15:27 2023: thd-0x55fa2bd08e00: amandad: timeout exit
Sat Nov 11 18:15:27 2023: thd-0x55fa2bd08e00: amandad: pid 8845 finish time Sat Nov 11 18:15:27 2023
Looking up the amandad debug log I saw:
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20436
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: security_streaminit(stream=0x558f5c39a140, driver=0x7f2f1fe2a720 (BSD))
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server opening socket with family 2 (requested family was 2)
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: send buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: receive buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20437: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20437
which seems to indicate that amandad on the client is attempting to open random (?) ports back to the amanda server system. I'm surprised this works at all since I only open the documented amanda client port. Amanda works as expected if I disable the firewall on the amanda server but this is not an acceptable workaround. At a minimum the specific ports or port range used should be documented. Better would be to have the ports configurable but this would be a software change.
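An added example, not part of the original report and not Amanda project code: a small parser that pulls the ports amandad bound and listened on out of debug entries like those quoted in this thread, then lists which of them a firewall policy would not permit. The names `summarize`, `not_permitted` and `ALLOWED_RANGES`, and the single-port policy in it, are assumptions made for illustration.

```python
import re

# Constructed sample: amandad debug entries in the run-together shape quoted in this thread.
PREFIX = "Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: "
SAMPLE_LOG = " ".join(PREFIX + msg for msg in [
    "bind_portrange2: Try port 20435: Available - Address already in use",
    "bind_portrange2: Try port 20436: Available - Success",
    "stream_server: waiting for connection: 0.0.0.0:20436",
    "bind_portrange2: Try port 20435: Available - Address already in use",
    "bind_portrange2: Try port 20436: Available - Address already in use",
    "bind_portrange2: Try port 20437: Available - Success",
    "stream_server: waiting for connection: 0.0.0.0:20437",
])

BIND_RE = re.compile(
    r"bind_portrange2: Try port (\d+): Available - (Success|Address already in use)"
)
LISTEN_RE = re.compile(r"stream_server: waiting for connection: (\S+):(\d+)")

# Assumption: a firewall policy that permits only port 10080 (inclusive ranges).
ALLOWED_RANGES = [(10080, 10080)]


def summarize(log_text):
    """Collect ports amandad bound, ports it found busy, and its listeners."""
    bound, busy = set(), set()
    # findall scans the whole text, so entries need not be one per line.
    for port, result in BIND_RE.findall(log_text):
        (bound if result == "Success" else busy).add(int(port))
    listeners = [(addr, int(port)) for addr, port in LISTEN_RE.findall(log_text)]
    return {"bound": sorted(bound), "busy": sorted(busy), "listeners": listeners}


def not_permitted(ports, allowed_ranges):
    """Return the ports that fall outside every permitted (low, high) range."""
    return [p for p in ports
            if not any(low <= p <= high for low, high in allowed_ranges)]


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("bound:", report["bound"])
    print("busy:", report["busy"])
    print("listeners:", report["listeners"])
    print("outside policy:", not_permitted(report["bound"], ALLOWED_RANGES))
```

Run over a full debug log, the sorted `bound` list shows the span of ports a firewall rule would have to cover for that host.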