I have created entries in the hosts file on the networker server for the clients in the dmz IP info, and on the clients in the dmz, I have created an entry in the hosts file for the networker server IP info.
I can ping the clients in the dmz from the internal network where the networker management console resides, but we do not allow icmp on the DMZ so pings are not returned from there. However, the admin guide just says to open the 4 ports and run nsrports with the port ranges, stop and start the networker services on the client which we have done.
nsradmin on the client returns nsradmin> at the command prompt, which suggests that there is connectivity with the network management server.
rpcinfo on the networker server gives me: command is: rpcinfo -p
program vers proto port 100000 2 tcp 7938 100000 2 udp 7938 390436 1 tcp 9265 390435 1 tcp 9181 390113 1 tcp 7937 program vers proto port 100000 2 tcp 7938 100000 2 udp 7938 390436 1 tcp 9265 390435 1 tcp 9181 390113 1 tcp 7937
Do following from server: echo print | nsradmin -p 390113 -i - -s
If these are multihomed machines you should take that into account as well. savefs usually uses metadata pipe which means in case of multihomed machines it would use prod lan. What happens is that savefs can't talk back to initiator (server). To see how this works start backup again and inspect connection with netstat on both sides and also check for blocks/drops in fw log.
And that was done from the backup server? What about from dmz client towards backup server? Also check that 10.9.2.30 is resolved correctly... btw, you don't use NAT between, don't you?
How many ports do other users open from internal ----> DMZ and from DMZ ------> internal? system in DMZ is a networker client so data will be passing through firewall to a virtual tape library in the internal network.
Number of ports depends on configuration and NW version - there firewall guide which lists that. Are you protecting incoming connections only or both incoming and outgoing?
HabibG2
455 Posts
0
September 24th, 2008 08:00
ble1
4 Operator
•
14.4K Posts
0
September 25th, 2008 13:00
Cumbria
4 Posts
0
September 26th, 2008 06:00
I can ping the clients in the dmz from the internal network where the networker management console resides, but we do not allow icmp on the DMZ so pings are not returned from there. However, the admin guide just says to open the 4 ports and run nsrports with the port ranges, stop and start the networker services on the client which we have done.
nsradmin on the client returns nsradmin> at the command prompt, which suggests that there is connectivity with the network management server.
rpcinfo on the networker server gives me:
command is: rpcinfo -p
program vers proto port
100000 2 tcp 7938
100000 2 udp 7938
390436 1 tcp 9265
390435 1 tcp 9181
390113 1 tcp 7937
program vers proto port
100000 2 tcp 7938
100000 2 udp 7938
390436 1 tcp 9265
390435 1 tcp 9181
390113 1 tcp 7937
rpcinfo on the client gives me:
command is rpcinfo -p
program vers proto port
100000 2 tcp 7938
100000 2 udp 7938
390436 1 tcp 9132
390435 1 tcp 9005
390113 1 tcp 7937
390402 1 tcp 9001
390103 2 tcp 9592
390109 2 tcp 9592
390110 1 tcp 9592
390120 1 tcp 9592
390109 2 udp 8525
390105 5 tcp 9235
390105 6 tcp 9235
390107 5 tcp 9664
390107 6 tcp 9664
390104 305 tcp 8814
390104 505 tcp 8782
390104 705 tcp 8613
390104 905 tcp 8214
390104 1005 tcp 8249
390430 1 tcp 8600
390429 101 tcp 9757
390429 201 tcp 9575
390104 2705 tcp 9206
390104 3105 tcp 8931
390104 3405 tcp 8239
390104 3705 tcp 8496
390104 4005 tcp 8178
390104 1305 tcp 9483
390104 1705 tcp 8647
390104 1905 tcp 9639
390104 2005 tcp 8374
390104 2105 tcp 9028
390104 2405 tcp 8593
390433 1 tcp 9896
program vers proto port
390433 1 tcp 9896
390104 2405 tcp 8593
390104 2105 tcp 9028
390104 2005 tcp 8374
390104 1905 tcp 9639
390104 1705 tcp 8647
390104 1305 tcp 9483
390104 4005 tcp 8178
390104 3705 tcp 8496
390104 3405 tcp 8239
390104 3105 tcp 8931
390104 2705 tcp 9206
390429 201 tcp 9575
390429 101 tcp 9757
390430 1 tcp 8600
390104 1005 tcp 8249
390104 905 tcp 8214
390104 705 tcp 8613
390104 505 tcp 8782
390104 305 tcp 8814
390107 6 tcp 9664
390107 5 tcp 9664
390105 6 tcp 9235
390105 5 tcp 9235
390109 2 udp 8525
390120 1 tcp 9592
390110 1 tcp 9592
390109 2 tcp 9592
390103 2 tcp 9592
390402 1 tcp 9001
390113 1 tcp 7937
390435 1 tcp 9005
390436 1 tcp 9132
4397 1 tcp 963
4397 1 udp 961
Connectivity looks ok, but It's still not working. Is there any connectivity logs I can look at within networker?
ble1
4 Operator
•
14.4K Posts
0
September 26th, 2008 07:00
echo print | nsradmin -p 390113 -i - -s
If these are multihomed machines you should take that into account as well. savefs usually uses metadata pipe which means in case of multihomed machines it would use prod lan. What happens is that savefs can't talk back to initiator (server). To see how this works start backup again and inspect connection with netstat on both sides and also check for blocks/drops in fw log.
Cumbria
4 Posts
0
October 1st, 2008 00:00
type: NSRLA;
name: ;
NW instance info operations: ;
NW instance info file: ;
installed products: ;
version: "EMC NetWorker 7.4.2.Build.431 ";
servers: ;
auth methods: "0.0.0.0/0,nsrauth/oldauth";
administrator: Administrators,
"group=Administrators,host= ";
kernel arch: AMD_X8664;
machine type: server;
OS: Windows Server 2003 5.2;
NetWorker version: 7.4.2.Build.431;
client OS type: Windows NT Server on Intel;
CPUs: 2;
MB used: 73331;
IP address: 10.9.2.30;
type: NSR peer information;
administrator: Administrators,
"group=Administrators,host= ";
name: ;
peer hostname: ;
Change certificate: ;
certificate file to load: ;
type: NSR log;
administrator: Administrators,
"group=Administrators,host= ";
owner: NetWorker;
maximum size MB: 2;
maximum versions: 10;
runtime rendered log: ;
name: daemon.raw;
log path: \
"C:\\Program Files\\Legato\\nsr\\logs\\daemon.raw";
ble1
4 Operator
•
14.4K Posts
0
October 3rd, 2008 12:00
JKcumbria
1 Message
0
October 14th, 2008 06:00
We are not using NAT'd addresses
ble1
4 Operator
•
14.4K Posts
0
October 14th, 2008 06:00