problems with a client behind a Cisco with NAT
Post problems with a client behind a Cisco with NAT 
I've got a RHEL3 client behind a Cisco router with NAT with these
ports punched through: 111, 7937 & 7938. NetWorker is working,
but commands on the client are balking for ~ 10 seconds... because
they can't contact portmap on the client.

After digging around a little, I realized that the Cisco won't
allow systems on the private side to contact the punched through
ports via the public address. To wit: rpcinfo -c private_address
works but rpcinfo -c public_address fails "connection refused."

Does anyone know of a work-around? Better yet, does anyone know
the correct Cisco IOS magic?? What I have is...

ip nat inside source static tcp 10.10.10.10 111 interface Ethernet1 111
ip nat inside source static tcp 10.10.10.10 7937 interface Ethernet1 7937
ip nat inside source static tcp 10.10.10.10 7938 interface Ethernet1 7938

steve
- - -
systems & network manager
high energy physics
university of wisconsin

Note: To sign off this list, send a "signoff networker" command via email
to listserv < at > listserv.temple.edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
should be sent to stan < at > temple.edu

Post problems with a client behind a Cisco with NAT 
Hi Steve,

If I am not wrong more ports need to open across the firewall & Legato needs
NAT disabled.

Regards,
Anuj Mediratta
Phone: +919312634262
To know more about our services, do log on to www.ace-data.com

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER < at > LISTSERV.TEMPLE.EDU] On
Behalf Of rader < at > GINSENG.HEP.WISC.EDU
Sent: Friday, April 08, 2005 3:36 PM
To: NETWORKER < at > LISTSERV.TEMPLE.EDU
Subject: [Networker] problems with a client behind a Cisco with NAT

I've got a RHEL3 client behind a Cisco router with NAT with these
ports punched through: 111, 7937 & 7938. NetWorker is working,
but commands on the client are balking for ~ 10 seconds... because
they can't contact portmap on the client.

After digging around a little, I realized that the Cisco won't
allow systems on the private side to contact the punched through
ports via the public address. To wit: rpcinfo -c private_address
works but rpcinfo -c public_address fails "connection refused."

Does anyone know of a work-around? Better yet, does anyone know
the correct Cisco IOS magic?? What I have is...

ip nat inside source static tcp 10.10.10.10 111 interface Ethernet1 111
ip nat inside source static tcp 10.10.10.10 7937 interface Ethernet1 7937
ip nat inside source static tcp 10.10.10.10 7938 interface Ethernet1 7938

steve
- - -
systems & network manager
high energy physics
university of wisconsin


Post problems with a client behind a Cisco with NAT 
> If I am not wrong more ports need to open across the firewall

You are wrong. System traces of recover and rpcinfo -c clearly
show the problem is caused by repeated attempts to connect to the
portmap port (111), which is punched through...

connect(3, {sa_family=AF_INET, sin_port=htons(111), \
sin_addr=inet_addr("public_address_here")}, 16) \
= -1 ECONNREFUSED (Connection refused)

> Legato needs NAT disabled.

No, it doesn't. NetWorker works with NAT when the appropriate
ports are punched through. It just balks on the client-side.
(Besides, disabling NAT is not an option.)

steve
- - -


Post problems with a client behind a Cisco with NAT 
Are you using access control lists (or a real firewall) in addition to NAT
(I would assume so)? Having not personally tried it, I'm not positive that
NetWorker will work with NAT. But from what you describe, it smells more
like a filtering issue than a NAT issue...

CurtisE

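The check described in the first post (the same three ports, tried against the private and the public address from a host on the inside), as an added example that is not from any poster in this thread. The address 192.0.2.1 is a placeholder for the router's public address, and the verdict labels are this example's own interpretation of the results.

```python
import socket

# Ports the thread lists as forwarded: portmap (111) and NetWorker (7937, 7938).
PORTS = (111, 7937, 7938)

def probe(host, port, timeout=3.0):
    """TCP-connect to host:port and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"   # ECONNREFUSED, as in the strace output in the thread
    except socket.timeout:
        return "timeout"   # no answer at all within the timeout
    except OSError as exc:
        return "error:%s" % exc.errno
    finally:
        sock.close()

def verdict(private, public):
    """Interpret one port's results as seen from a host on the inside network."""
    if private != "open":
        return "service-down"          # not listening even on the private address
    if public == "open":
        return "ok"
    if public == "refused":
        # The SYN was actively rejected, not silently dropped: consistent with
        # the forward not applying to connections that originate on the inside.
        return "refused-from-inside"
    if public == "timeout":
        # Nothing came back: look at ACLs/filtering and at the return path.
        return "dropped-from-inside"
    return "inconclusive"

def compare(private_addr, public_addr, ports=PORTS, probe_fn=probe):
    """Probe every port on both addresses; return {port: (private, public, verdict)}."""
    report = {}
    for port in ports:
        priv, pub = probe_fn(private_addr, port), probe_fn(public_addr, port)
        report[port] = (priv, pub, verdict(priv, pub))
    return report

if __name__ == "__main__":
    # Constructed stand-in for the symptom in the thread: the private address
    # answers, the public one refuses. Drop probe_fn to run real connects.
    fake = lambda host, port: "open" if host == "10.10.10.10" else "refused"
    for port, row in compare("10.10.10.10", "192.0.2.1", probe_fn=fake).items():
        print(port, *row)
```

Run it from the client itself or another inside host; a "refused" against the public address alongside "open" on the private one reproduces the symptom reported in the first post.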
