IPtables is rarely enabled on our Linux servers due to datacenter firewalls. In a recent instance where this has been enabled, backups are unable to run. I've confirmed that IPtables is allowing communication on 28001:28002 between the server and the utility node, and there are no outbound restrictions for GSAN communication. My only clue at this point are errors in the avtar log that suggest the agent is unable to communicate on the server's loopback address:
2014-12-12 06:37:00 avtar Error <6658>: Unable to connect to 127.0.0.1:39782 for CTL messages (Log #1)
2014-12-12 06:37:00 avtar FATAL <10790>: Unable to connect to 127.0.0.1:39782 with proprietary encryption (Log #1)
Are there specific loopback ports that avtar and/or avagent uses? That particular port is not even open/being listened on in this server. On other failed backups for this server, a couple of other loopback ports are listed, none of which are currently opened/listened on by any running process(es).
There must be a missing loop back IP on lo interface . Try to ping loopback IP/localhost (i.e #ping localhost ). If it is missing then add loopback IP on lo interface.
I apologize, I had a reply to this typed up but forgot to hit submit.
When avagent starts up a job, it opens a listen port for avtar (or the relevant plug-in) to use for message passing. This port will not be kept open unless the job is running.
It's somewhat unusual to block traffic on 127.0.0.1 with a firewall. Most firewall rulesets I've seen include a "short circuit" that allows communication on the loopback address once it's passed an antispoof rule precisely to prevent issues like this.