FIREWALL_IN
The FIREWALL_IN configuration option provides a method to use a NetBackup Administration Console that is outside of a trusted network to administer the NetBackup primary servers that are within a trusted network.
This option uses the following format.
On Windows:
SET FIREWALL_IN= HOST1:PORT1=HOST2:PORT2;IP_ADDR1:PORT3=IP_ADDR2:PORT4
SET FIREWALL_IN >> "%NBJDIR%"\nbjconf
On UNIX:
FIREWALL_IN= HOST1:PORT1=HOST2:PORT2[;...;HOSTn:PORTn=HOSTm:PORTm]
Where HOST is a host name or an IP address.
This configuration option provides a way to allow administrators to bypass the firewall by using one of the following methods:
Enter the port number of the bpjava service in the trusted internal network. Then, map the private interface where the bpjava service runs to a public interface that can be reached from outside the firewall.
Set up a Secure Shell (SSH) tunnel from the local host to the system inside the firewall.
In the following example:
Primary server NBPrimary.abc.com is in a trusted network, behind a firewall.
The IP address of NBPrimary.abc.com is 10.221.12.55.
The NetBackup Administration Console is installed on localhost.
SSH tunnels exist from localhost to NBPrimary.abc.com as follows:
bpjava-msvc port (default 13722) | localhost:port1 |
vnetd port (default 13724) | localhost:port2 |
pbx port (default 1556) | localhost:12345 |
Where localhost is the host name and port1 is the IP port.
To make relevant changes for connections to bpjava-msvc and vnetd, see the following topic:
See VNETD_PORT.
On Windows systems, use setconf.bat to add the option:
SET FIREWALL_IN= NBPrimary.abc.com:1556=localhost:12345;10.221.12.55:1556=localhost:12345
SET FIREWALL_IN >> "%NBJDIR%"\nbjconf
On UNIX systems, add the following line to the nbj.conf file:
FIREWALL_IN=NBPrimary.abc.com:1556=localhost:12345;10.221.12.55:1556=localhost:12345
The entry indicates the following:
The connection to NBPrimary.abc.com:1556 is to be redirected to localhost:12345.
The connection to 10.221.12.55:1556 is to be redirected to localhost:12345.
Note:
The same options are used if NBPrimary.abc.com has a public interface (NBPrimaryPub.abc.com) that can be reached from the Internet. In this case, the administrator replaces localhost with NBPrimaryPub.abc.com.
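The following added example (not Veritas code, and not how NetBackup itself parses nbj.conf) checks a FIREWALL_IN value against the format described above before it is written to nbj.conf: it reports primary server names or addresses that have no redirect for the pbx port, and redirects that point at a public interface rather than a local SSH tunnel. The function names and the three sample values are assumptions constructed from the host names and ports in the example; IPv6 literals are not handled.

```python
import ipaddress
import re

# HOST:PORT as described for FIREWALL_IN; IPv6 literals are not handled (assumption).
ENDPOINT = re.compile(r"([^\s:;=]+):(\d{1,5})")

def _endpoint(text):
    m = ENDPOINT.fullmatch(text.strip())
    if not m or not 0 < int(m.group(2)) < 65536:
        raise ValueError(f"expected HOST:PORT, got {text!r}")
    return m.group(1).lower(), int(m.group(2))

def parse_firewall_in(value):
    """Parse 'H1:P1=H2:P2;...' into {(host, port): (host, port)}."""
    mapping = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        if entry.count("=") != 1:
            raise ValueError(f"expected ORIGINAL=REDIRECT, got {entry!r}")
        original, redirect = map(_endpoint, entry.split("="))
        if original in mapping:
            raise ValueError(f"duplicate mapping for {original}")
        mapping[original] = redirect
    return mapping

def unmapped(mapping, names, port):
    """Names/addresses of the primary server with no redirect for this port."""
    return [n for n in names if (n.lower(), port) not in mapping]

def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a host name other than localhost

def exposed_redirects(mapping):
    """Redirects whose target is not a local tunnel endpoint (public-interface method)."""
    return {o: r for o, r in mapping.items() if not _is_loopback(r[0])}

# Constructed sample values, built from the host names and ports in the example above.
TUNNELLED = "NBPrimary.abc.com:1556=localhost:12345;10.221.12.55:1556=localhost:12345"
PUBLIC = "NBPrimary.abc.com:1556=NBPrimaryPub.abc.com:12345"
MISTYPED = "NBPrimary.abc.com:1556=localhost:12345;10.221.12.55:12345=localhost:12345"

if __name__ == "__main__":
    for label, value in [("tunnelled", TUNNELLED), ("public", PUBLIC), ("mistyped", MISTYPED)]:
        m = parse_firewall_in(value)
        print(label, unmapped(m, ["NBPrimary.abc.com", "10.221.12.55"], 1556), exposed_redirects(m))
```

An entry keyed on the wrong source port parses cleanly but leaves the IP address unmapped for port 1556, so connections made by address are not redirected to the tunnel.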