EBS Networker Legato client on RHEL7 with Firewall Rules

Extract the RPMs from the downloaded file

tar xvzf nw821_linux_x86_64.tar.gz

Install the RPM using Yum

cd linux_x86_64/
yum install lgtoclnt-8.2.1-1.x86_64.rpm

Add Exclusions to the Firewall using Firewalld

Create Firewall Service Profile for Networker

[root@CYRIL services]# cat /etc/firewalld/services/Networker.xml 
<?xml version="1.0" encoding="utf-8"?>
<service> 
 <short>Networker</short> 
 <description>Networker Ports for EBS Backup</description> 
 <port protocol="tcp" port="7935"/> 
 <port protocol="tcp" port="7936"/>
 <port protocol="tcp" port="7937"/>
 <port protocol="tcp" port="7938"/>
 <port protocol="tcp" port="7939"/>
 <port protocol="tcp" port="7940"/>
 <port protocol="tcp" port="7941"/>
 <port protocol="tcp" port="7942"/> 
 <port protocol="tcp" port="7943"/> 
 <port protocol="tcp" port="7944"/>
 <port protocol="tcp" port="7945"/>
 <port protocol="udp" port="7938"/>
</service>

Reset permissions on the new service profile

restorecon /etc/firewalld/services/Networker.xml

chmod 640 /etc/firewalld/services/Networker.xml

Create “Rich” firewall rules for IPs from EBS Servers

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.20" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.21" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.22" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.23" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.24" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.25" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.26" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.27" service name="Networker" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.27.15.28" service name="Networker" accept'
firewall-cmd --reload
firewall-cmd --list-all

 

Set EBS client to use correct ports

EBS clients should be configured to listen for traffic from the above range of servers on the following ports:

nsrports -S 7937-7945
  7938/UDP
  7937-7945/TCP

Add Backup Servers to the NSR config file

# vi /nsr/res/servers

mkdir -r /nsr/res

vi /nsr/res/servers

backupserver.mytechdocs.test

Enable Automatic Start of Agent on Reboot

systemctl enable networker
systemctl start networker

Create Exclusions if you have any

root@PAM ]# vi /.nsr
<</db01>>
+skip: *.dbf *.DBF

<</db01_EDW>>
+skip: *.dbf *.DBF

<</fra_onlinelogs>>
+skip: .?* *

Please follow and like us:

Add a Comment

Your email address will not be published. Required fields are marked *