如果在Unix或Linux安装配置好了Symantec Backup Exec Agent For Linux,但是在Symantec Backup Exec服务端无法访问Symantec Backup Exec Agent,那么此时你首先应该检查Unix或Linux上的Symantec Backup Exec Agent服务是否启动。如下所示,可以确认Symantec Backup Exec Agent服务已经启动。如果没有启动,可以执行/etc/init.d/VRTSralus.init start 命令启动服务。(注意:出于一些原因,原服务器名称我会用db-server替换)
[root@db-server ~]# lsof -i tcp:10000COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
beremote 3495 root 5u IPv4 13184 TCP *:ndmp (LISTEN)
[root@db-server ~]# ps -ef | grep beremoteroot 3495 1 0 Nov02 ? 00:00:09 /opt/VRTSralus/bin/beremote
root 5906 2573 0 12:02 pts/2 00:00:00 grep beremote
[root@db-server ~]#
那么接下来,我们看看是否可以通过端口10000号telnet到Linux服务器,如下所示,连接失败(Connection failed),那么我们可以确认是Linux上的防火墙问题
如果你想确认一下,可以临时关闭防火墙服务测试一下(service iptables stop)。
那么接下来需要配置防火墙,我们需要使用下面命令添加端口号10000
iptables -A INPUT -s <Media Server IP> -d <Unix Server IP> -p tcp --dport 10000 -j ACCEPT
[root@db-server ~]# iptables -A INPUT -s 192.168.16.16 -d 192.168.16.3 -p tcp --dport 10000 -j ACCEPT[root@db-server ~]# service iptables saveSaving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@db-server ~]# service iptables restartFlushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns ip_conntrack_ftp [ OK ]
[root@db-server ~]#
结果继续使用telnet测试,发现问题依然存在,很是纳闷,检查iptables发现如下信息
[root@db-server ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Tue Nov 4 12:14:53 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46679:7171562]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -s 192.168.16.16 -d 192.168.16.3 -p tcp -m tcp --dport 10000 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8088 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5902 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Nov 4 12:14:53 2014
该Linux服务器版本为Oracle Linux Server release 5.7,需要修改上面红色部分的配置,改为下面配置,然后重启iptables服务。问题解决。
如果还有问题,那么你可以像192.168.16.16开放所有端口。然后重启防火墙服务。如下所示
################################################################################---------------- Symantec BE 2010 Linux agent --------------------A RH-Firewall-1-INPUT -p tcp -m tcp -s 192.168.16.16 -j ACCEPT
###############################################################################
[root@nbolnx01 ~]# service iptables restartFlushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns ip_conntrack_ftp [ OK ]
参考资料:
http://www.symantec.com/business/support/index?page=content&id=TECH68258