EBS Networker Legato client on RHEL7 with Firewall Rules
Extract the RPMs from the downloaded file
tar xvzf nw821_linux_x86_64.tar.gz
Install the RPM using Yum
cd linux_x86_64/ yum install lgtoclnt-8.2.1-1.x86_64.rpm
Add Exclusions to the Firewall using Firewalld
Create Firewall Service Profile for Networker
[root@CYRIL services]# cat /etc/firewalld/services/Networker.xml <?xml version="1.0" encoding="utf-8"?> <service> <short>Networker</short> <description>Networker Ports for EBS Backup</description> <port protocol="tcp" port="7935"/> <port protocol="tcp" port="7936"/> <port protocol="tcp" port="7937"/> <port protocol="tcp" port="7938"/> <port protocol="tcp" port="7939"/> <port protocol="tcp" port="7940"/> <port protocol="tcp" port="7941"/> <port protocol="tcp" port="7942"/> <port protocol="tcp" port="7943"/> <port protocol="tcp" port="7944"/> <port protocol="tcp" port="7945"/> <port protocol="udp" port="7938"/> </service>
Reset permissions on the new service profile
restorecon /etc/firewalld/services/Networker.xml
chmod 640 /etc/firewalld/services/Networker.xml
Create “Rich” firewall rules for IPs from EBS Servers
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.20" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.21" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.22" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.23" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.24" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.25" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.26" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.27" service name="Networker" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.28" service name="Networker" accept' firewall-cmd --reload firewall-cmd --list-all
Set EBS client to use correct ports
EBS clients should be configured to listen for traffic from the above range of servers on the following ports:
nsrports -S 7937-7945
7938/UDP 7937-7945/TCP
Add Backup Servers to the NSR config file
# vi /nsr/res/servers
mkdir -r /nsr/res
vi /nsr/res/servers backupserver.mytechdocs.test
Enable Automatic Start of Agent on Reboot
systemctl enable networker
systemctl start networker
Create Exclusions if you have any
root@PAM ]# vi /.nsr
<</db01>>
+skip: *.dbf *.DBF
<</db01_EDW>>
+skip: *.dbf *.DBF
<</fra_onlinelogs>>
+skip: .?* *
About Author
Hi,
O/S RHEL9.2.
I did all of the above, started networker, and got:
[ AMQP] Connecting to / on 12.7.0.0.1
[AMPQ] Failed to establish connection to 127.0.0.1: Connection refused by the other side: 111: Connection refused.
Why is NSR trying to connect to itself on a privileged port such as 111?
Regards, P
I’m going to guess that SELINUX is blocking it. Maybe a new version of the backup agent has been released that will work better with RHEL9 and higher.