Veeam Backup & Replication Fails to Connect to Linux Servers Due to Firewall Configuration

KB ID: 2986
Product: Veeam Backup & Replication
Published: 2019-08-13
Last Modified: 2022-06-16
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

Veeam Backup & Replication may fail to connect to some Linux servers depending on their firewall configuration.

For example, distributions based on Debian, SLES, or RHEL have default firewall configurations that may block necessary connections.

Cause

Linux OS firewall configuration and/or security rules restrict connections to the required ports.

Solution

Veeam Backup & Replication will attempt to automatically open ports used by the Veeam Data Mover service. However, if that fails, you may need to configure the Linux server's firewall manually. Please review: Adding Linux Servers: Before You Begin for more information.

Default security settings differ for each Linux OS distribution and may require additional configuration to allow connections to the required ports.

NOTE: Starting with Veeam Backup & Replication 10, the traffic port range was reduced from 2500-5000 to 2500-3300. The new port range only applies to newly deployed components after Veeam Backup & Replication 10 is installed. If an environment was upgraded from a version of Veeam Backup & Replication before 10, all existing components that were managed before the upgrade will continue to use 2500-5000.
 

Firewall Rules

If connections to a Linux server fail, ensure that the Linux server does not have firewall restrictions for ports 2500-3300.

If the distro uses UFW or FirewallD, remove the IPTables entry used for testing after troubleshooting is completed and integrate the ports rule into the firewall solution.

Example of Firewall wall rule configuration using iptables:

iptables -I INPUT -p tcp --dport 2500:3300 -m state --state NEW -j ACCEPT

SELinux Policy

You must configure the SELinux policy to allow connections to the required range of ports. By default, the SELinux policy may restrict such connections.

If SELinux is active, you can isolate whether it is blocking connections by temporarily disabling it within the /etc/selinux/config file. After saving the file and rebooting, retest the connection. If it works after disabling SELinux, review the SELinux configuration.

Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.