If you installed Symantec Backup Exec Agent for Linux on a UNIX or Linux installation, but you cannot access the Symantec Backup Exec Agent on the Symantec Backup Exec server, At this point you should first check whether the Symantec Backup Exec Agent service on UNIX or Linux is started. As shown below, you can confirm that the Symantec Backup Exec Agent service is started. If it does not start, you can execute the/etc/init.d/vrtsralus.init start command to start the service. (Note: For some reason, the original server name I will replace with Db-server)
[[Email protected] ~] # lsof-i tcp:10000
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Beremote 3495 root 5u IPv4 13184 TCP *:ndmp (LISTEN)
[[Email protected] ~] # Ps-ef | grep beremote
Root 3495 1 0 Nov02? 00:00:09/opt/vrtsralus/bin/beremote
Root 5906 2573 0 12:02 pts/2 00:00:00 grep beremote
So next, let's see if we can telnet to the Linux server via port 10,000th, as shown below, the connection fails (Connection failed), then we can confirm that it is a firewall problem on Linux
If you want to confirm, you can temporarily shut down the Firewall service test (service iptables stop).
Then we need to configure the firewall, we need to use the following command to add the port number 10000
Iptables-a input-s <media Server ip>-D <unix Server ip>-P TCP--dport 10000-j ACCEPT
[[Email protected] ~] # iptables-a input-s 192.168.16.16-d 192.168.16.3-p tcp--dport 10000-j ACCEPT
[[Email protected] ~] # service Iptables Save
Saving firewall rules to/etc/sysconfig/iptables: [OK]
[[Email protected] ~] # service Iptables Restart
Flushing firewall rules: [OK]
Filter [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: [OK]
Loading additional iptables Modules:ip_conntrack_netbios_ns ip_conntrack_ftp [OK]
The results continue to use the Telnet test, found that the problem persists, it is very puzzling, check iptables found the following information
[Email protected] ~]# More/etc/sysconfig/iptables
# Generated by Iptables-save v1.3.5 on Tue Nov 4 12:14:53 2014
*filter
: INPUT ACCEPT [0:0]
: FORWARD ACCEPT [0:0]
: OUTPUT ACCEPT [46,679:7,171,562]
: Rh-firewall-1-input-[0:0]
-A input-j Rh-firewall-1-input
-A input-s 192.168.16.16-d 192.168.16.3-p tcp-m tcp--dport 10000-j ACCEPT
-A forward-j Rh-firewall-1-input
-A rh-firewall-1-input-i lo-j ACCEPT
-A rh-firewall-1-input-p icmp-m ICMP--icmp-type any-j ACCEPT
-A rh-firewall-1-input-p esp-j ACCEPT
-A rh-firewall-1-input-p ah-j ACCEPT
-A rh-firewall-1-input-d 224.0.0.251-p udp-m UDP--dport 5353-j ACCEPT
-A rh-firewall-1-input-p udp-m UDP--dport 631-j ACCEPT
-A rh-firewall-1-input-p tcp-m tcp--dport 631-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 8080-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 8088-j ACCEPT
-A rh-firewall-1-input-m state--state related,established-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 21-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 22-j ACCEPT
-A rh-firewall-1-input-p tcp-m tcp--dport 5901-j ACCEPT
-A rh-firewall-1-input-p tcp-m tcp--dport 5902-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 1521-j ACCEPT
-A rh-firewall-1-input-j REJECT--reject-with icmp-host-prohibited
COMMIT
# completed on Tue Nov 4 12:14:53 2014
The Linux server version is Oracle Linux Server release 5.7, you need to modify the configuration of the red section above, configure it below, and then restart the Iptables service. Problem solving.
[[Email protected] ~] # service Iptables Restart
Flushing firewall rules: [OK]
Filter [OK]
Unloading iptables modules: [OK]
Applying iptables firewall rules: [OK]
Loading additional iptables Modules:ip_conntrack_netbios_ns ip_conntrack_ftp [OK]
Resources:
http://www.symantec.com/business/support/index?page=content&id=TECH68258
Symantec Backup Exec Agent for Linux firewall issues