I’m trying to do a remote install of Acronis Backup on my SLES box. Amongst others, it requires port 9876 to be open.
In YaSt firewall, I’ve added 9876 to ‘Allowed Services’ → Advanced (TCP) and restarted the firewall.
9876 is added to the FW_SERVICES_EXT_UDP variable in /etc/sysconfig/SuSEfirewall2.
When I do a port scan of my network for port 9876 using Angry IP Scanner, I can see 9876 open on other nodes, but not on my SLES machine.
If I execute ‘iptables -L | grep 9876’ it returns nothing.
If I turn off the firewall in YaST, 9876 is still closed to the port scanner.
I’ve added 9876 to ‘Allowed Services’ → Advanced (TCP) and restarted the firewall
9876 is added to the FW_SERVICES_EXT_UDP
that looks strange - should that read FW_SERVICES_EXT_TCP?
If I execute ‘iptables -L | grep 9876’ it returns nothing.
likely the rules a reported with a port name of “sd”. Run “iptables -L -n | grep 9876” instead.
If I turn off the firewall in YaST, 9876 is still closed to the port scanner.
Is the according Acronis service running on your server? Does “lsof -i4 -P|grep 9876” list a process having that port open at the time you’re scanning the server?
If I turn off the firewall in YaST, 9876 is still closed to the port scanner.
Is the according Acronis service running on your server? Does “lsof -i4 -P|grep 9876” list a process having that port open at the time you’re scanning the server?
This is the problem - Acronis can’t actual do the installation because the port was closed, so there’s no Acronis software running on the machine at all
[/I][/COLOR]
Regards,
J[/QUOTE]
seems your firewall is set up correctly - while we don’t see the exact chain the “ACCEPT” rule is placed into, it’s there at all and likely in the right place. IF you add “-v” to the iptables invocation, you’ll see the number of hits as well. Once the software is started and clients connect to your machine, numbers should be increasing for this rule.
This is the problem - Acronis can’t actual do the installation because the port was closed, so there’s no Acronis software running on the machine at all
I’m a bit picky on words here - Acronis should fail if the port is open, because then the port already is in use by some other daemon. But of course it may have failed because the port was blocked for incoming traffic by the firewall at the time of the installation. If Acronis offers no mechanism to pick up at that step, you may as well need to re-install it.
But: A port blocked by the firewall usually doesn’t affect server software installations - from the server software’s POV, all network sockets can be opened and are in listening state. It’s just that no traffic from remotes will reach the server software. The only time this will be a problem is when that piece of software you’re installing, depends on some remote service to connect to the installer (or a later stage of it), i.e. for configuration updates. But then, it’s the same as if the remote isn’t reachable for any other reason, i.e. because you’re installing in a separate, isolated installation environment, rather than in the final production environment.