Symantec Backup Exec Agent for Linux firewall issues

If you installed Symantec Backup Exec Agent for Linux on a UNIX or Linux installation, but you cannot access the Symantec Backup Exec Agent on the Symantec Backup Exec server, At this point you should first check whether the Symantec Backup Exec Agent service on UNIX or Linux is started. As shown below, you can confirm that the Symantec Backup Exec Agent service is started. If it does not start, you can execute the/etc/init.d/vrtsralus.init start command to start the service. (Note: For some reason, the original server name I will replace with Db-server)

[[Email protected] ~] # lsof-i tcp:10000

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

Beremote 3495 root 5u IPv4 13184 TCP *:ndmp (LISTEN)

[[Email protected] ~] # Ps-ef | grep beremote

Root 3495 1 0 Nov02? 00:00:09/opt/vrtsralus/bin/beremote

Root 5906 2573 0 12:02 pts/2 00:00:00 grep beremote

So next, let's see if we can telnet to the Linux server via port 10,000th, as shown below, the connection fails (Connection failed), then we can confirm that it is a firewall problem on Linux

If you want to confirm, you can temporarily shut down the Firewall service test (service iptables stop).

Then we need to configure the firewall, we need to use the following command to add the port number 10000

Iptables-a input-s <media Server ip>-D <unix Server ip>-P TCP--dport 10000-j ACCEPT

[[Email protected] ~] # iptables-a input-s 192.168.16.16-d 192.168.16.3-p tcp--dport 10000-j ACCEPT

[[Email protected] ~] # service Iptables Save

Saving firewall rules to/etc/sysconfig/iptables: [OK]

[[Email protected] ~] # service Iptables Restart

Flushing firewall rules: [OK]

Filter [OK]

Unloading iptables modules: [OK]

Applying iptables firewall rules: [OK]

Loading additional iptables Modules:ip_conntrack_netbios_ns ip_conntrack_ftp [OK]

The results continue to use the Telnet test, found that the problem persists, it is very puzzling, check iptables found the following information

[Email protected] ~]# More/etc/sysconfig/iptables
# Generated by Iptables-save v1.3.5 on Tue Nov 4 12:14:53 2014
*filter
: INPUT ACCEPT [0:0]
: FORWARD ACCEPT [0:0]
: OUTPUT ACCEPT [46,679:7,171,562]
: Rh-firewall-1-input-[0:0]
-A input-j Rh-firewall-1-input
-A input-s 192.168.16.16-d 192.168.16.3-p tcp-m tcp--dport 10000-j ACCEPT
-A forward-j Rh-firewall-1-input
-A rh-firewall-1-input-i lo-j ACCEPT
-A rh-firewall-1-input-p icmp-m ICMP--icmp-type any-j ACCEPT
-A rh-firewall-1-input-p esp-j ACCEPT
-A rh-firewall-1-input-p ah-j ACCEPT
-A rh-firewall-1-input-d 224.0.0.251-p udp-m UDP--dport 5353-j ACCEPT
-A rh-firewall-1-input-p udp-m UDP--dport 631-j ACCEPT
-A rh-firewall-1-input-p tcp-m tcp--dport 631-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 8080-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 8088-j ACCEPT
-A rh-firewall-1-input-m state--state related,established-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 21-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 22-j ACCEPT
-A rh-firewall-1-input-p tcp-m tcp--dport 5901-j ACCEPT
-A rh-firewall-1-input-p tcp-m tcp--dport 5902-j ACCEPT
-A rh-firewall-1-input-p tcp-m state--state new-m TCP--dport 1521-j ACCEPT
-A rh-firewall-1-input-j REJECT--reject-with icmp-host-prohibited
COMMIT
# completed on Tue Nov 4 12:14:53 2014

The Linux server version is Oracle Linux Server release 5.7, you need to modify the configuration of the red section above, configure it below, and then restart the Iptables service. Problem solving.

[[Email protected] ~] # service Iptables Restart

Flushing firewall rules: [OK]

Filter [OK]

Unloading iptables modules: [OK]

Applying iptables firewall rules: [OK]

Loading additional iptables Modules:ip_conntrack_netbios_ns ip_conntrack_ftp [OK]

Resources:

http://www.symantec.com/business/support/index?page=content&id=TECH68258

Symantec Backup Exec Agent for Linux firewall issues