Veeam Backup & Replication fails to connect to Linux servers based on Debian, SLES or RHEL/CentOS distributions with default firewall configuration

KB ID: 2986
Product: Veeam Backup & Replication
Version: any
Published: 2019-08-13
Last Modified: 2022-04-20
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

Veeam Backup & Replication fails to connect to Linux servers based on Debian, SLES or RHEL/CentOS distributions with default firewall configuration.

Cause

Linux OS firewall configuration and/or security rules restrict connections to the required ports.

Solution

Veeam Backup & Replication will attempt to automatically open ports used by the Veeam Data Mover service. However, if that fails, you may need to configure the Linux server's firewall manually. Please review: Adding Linux Servers: Before You Begin for more information.

Default security settings differ for each Linux OS distribution and may require additional configuration to allow connections to the required ports.

NOTE: Starting with Veeam Backup & Replication 10, the traffic port range was reduced from 2500-5000 to 2500-3300. The new port range only applies to newly deployed components after Veeam Backup & Replication 10 is installed. If an environment was upgraded from a version of Veeam Backup & Replication before 10, all existing components that were managed before the upgrade will continue to use 2500-5000.
 

Firewall Rules

Debian

In most Debian distributions, ports from 2500 to 3300 are opened by default. If connections to the Linux server fail, make sure that Linux OS does not have restrictions for this range of ports.

SLES/RHEL/CentOS

Use the iptables utility to allow connections for the port range 2500–3300:

iptables -I INPUT -p tcp --dport 2500:3300 -m state --state NEW -j ACCEPT

SELinux Policy

You must configure the SELinux policy to allow connections to the required range of ports. By default, the SELinux policy may restrict such connections.

If SELinux is active, you can isolate whether it is blocking connections by temporarily disabling it within the /etc/selinux/config file. After saving the file and rebooting, retest the connection. If it works after disabling SELinux, review the SELinux configuration.

Click here to send feedback regarding this KB, or suggest content for a new KB.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.