All Clients Offline

Bakaczo2 · December 2, 2022, 1:08pm

Hello,
How UrBackup server realize that client is online or not?

I’m making firewall rules, and I based on ports from administration manual (55413-55415 and 35621-36523)
but even with out/in pass server or pass all to/from xxx.xxx.xxx.255 server thinks all clients offline…

abubin · December 2, 2022, 7:55pm

Did you try also open 35622 UDP?

Bakaczo2 · December 3, 2022, 8:50am

Yes,

Blockquote
-A INPUT -s xxx.xxx.xxx.255 -j ACCEPT
-A INPUT -p tcp -m tcp -s xxxMULTIPLE IPSxxx --dport 55413 -j INPUT_ACCEPT
-A INPUT -p tcp -m tcp -s xxxMULTIPLE IPSxxx --dport 55415 -j INPUT_ACCEPT
-A INPUT -p tcp -m tcp -s xxxMULTIPLE IPSxxx --dport 35621 -j INPUT_ACCEPT
-A INPUT -p tcp -m tcp -s xxxMULTIPLE IPSxxx --dport 35623 -j INPUT_ACCEPT
-A INPUT -p udp -m udp -s xxxMULTIPLE IPSxxx --dport 35623 -j INPUT_ACCEPT
-A INPUT -p udp -m udp -s xxxMULTIPLE IPSxxx --dport 35622 -j INPUT_ACCEPT
-A OUTPUT -p udp -m udp -d xxxMULTIPLE IPSxxx --dport 35622 -j OUTPUT_ACCEPT
-A OUTPUT -p tcp -m tcp -s xxxMULTIPLE IPSxxx --dport 35621 -j OUTPUT_ACCEPT
-A OUTPUT -p tcp -m tcp -s xxxMULTIPLE IPSxxx --dport 35623 -j OUTPUT_ACCEPT
-A OUTPUT -p udp -m udp -d xxxMULTIPLE IPSxxx --dport 35623 -j OUTPUT_ACCEPT
-A OUTPUT -p udp -m udp --dport 35623 -j OUTPUT_DROP

Maybe last rule is bad? I need to allow access to/from several endpoints…

Bakaczo2 · December 3, 2022, 4:55pm

OK, got workaround,
don’t know why, but if iptables is on, all clienct go offline.
By the way, DROP mean Recejt at the end of chain.

But, if I provide IP in Client discovery hints it suddenly showup…

Bakaczo2 · December 16, 2022, 2:44pm

OK, now I have more clue of that “issue”. I don’t believe that’s a urbackup problem, I’m doing something wrong, or don’t do at all.

I modified my my iptables idea totally, cause simple rules wasn’t enough. So I run chains (for interested configs below).

I have two ub machines. first, URBACKUP1 which i use to backup common devices, users pc’s laptops etc.

Second machine, URBACKUP2 is used to backup more critical machines for me.

Naturally there is much more common devices in my network than critical, so my idea to configure firewall is simple.

URBACKUP1 - block traffic to/from criticals, allow the rest
URBACKUP2 - Allow Criticals, block the rest.

So, URBACKUP1 in this config work as intended, it scan network, find devices in it, and just works.

The “problem” is with URBACKUP2, as I mentioned above, it dont see criticals until they aren’t pointed as a client hint. If I remove them from Hints list, they go offline for server, put on the list, they magically show up

The fun thing is:

# tcpdump -G 3600 --interface=em1 -n -w /home/Downloads/tcpdump-R420-fw-on.pcap
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
41725 packets captured
41773 packets received by filter
0 packets dropped by kernel

made when backups weren’t going on. In time of tcp dump I made that Hint list magic

but I see 50 packets wasn’t caught by tcpdump,

Below fw configs, maybe someone knows what I missed?

Maybe someone will find his own use of it : - )

URBACKUP2.txt (2.8 KB)