Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] How to deal with NAT

2009-05-06 15:52:08
Subject: Re: [Bacula-users] How to deal with NAT
From: Patrick Ben Koetter <p AT state-of-mind DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 6 May 2009 21:44:38 +0200 
* Kevin Keane <subscription AT kkeane DOT com>:
> I solved exactly this issue with SSH tunnels. The description on how I 
> did it is in the Bacula Wiki in the howto section.

Thanks for the reference. I had had a look at it earlier and had kept it on my
mind. After your posting I tried and failed. I believe I am close, but I just
can't get a hand on it:

I installed and verified SSH for bacula user.

If I su to bacula, I can establish the tunnels:

    /usr/bin/ssh -fC2 -R 9101:backup.office.state-of-mind.de:9101 -R 
9103:backup.office.state-of-mind.de:9103 -L 9112:localhost:9102 
mail.state-of-mind.de

If I try to connect to fd on mail.state-of-mind.de I get a connection refused
though:

    06-May 21:39 backup-dir JobId 0: Fatal error: bsock.c:129 Unable to connect 
to Client: mail-fd on localhost:9112. ERR=Connection refused

I've verified the passwords. I could connect and 'estimate' before I started
tunneling. I believe I changed only as advised in the HOWTO.


I tried "set debuglevel" using bconsole, but that doesn't work, since I can't
connect to the external FD and tell it to raise the debug level.

Any advisory what I should do to track this down?

Thanks,

p@rick



> 
> Patrick Ben Koetter wrote:
> > I run bacula-dir and bacula-sd in an internal network and a few hosts 
> > outside
> > on the Internet.
> >
> > When I want to run a job for an external host, the host tells me it can
> > resolve the storage server. Understandable. There's no DNS that tells about
> > the internal hosts address.
> >
> > But even if, the client wouldn't be able to connect since the storage sits 
> > in
> > a private network behind a NAT gateway.
> >
> > I've read "Dealing with Firewalls"
> > <http://www.bacula.org/en/rel-manual/Dealing_with_Firewalls.html>, but from 
> > my
> > (limited) understanding an essential part is missing - the part where the
> > external connection is port forwarded to the internal storage server.
> >
> > Am I right?
> >
> > Are there any other 'good solutions' to deal with such a setup? I believe 
> > this
> > is a typical requirement and I would expect there to be more than one 
> > approach.
> >
> > Thanks,
> >
> > p@rick
> >
> >   
> 
> 
> -- 
> Kevin Keane
> Owner
> The NetTech
> Find the Uncommon: Expert Solutions for a Network You Never Have to Think 
> About
> 
> Office: 866-642-7116
> http://www.4nettech.com
> 
> This e-mail and attachments, if any, may contain confidential and/or 
> proprietary information. Please be advised that the unauthorized use or 
> disclosure of the information is strictly prohibited. The information herein 
> is intended only for use by the intended recipient(s) named above. If you 
> have received this transmission in error, please notify the sender 
> immediately and permanently delete the e-mail and any copies, printouts or 
> attachments thereof.
> 
> 
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image 
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users

-- 
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

http://www.state-of-mind.de

Franziskanerstraße 15      Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666

Amtsgericht München        Partnerschaftsregister PR 563


------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image 
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Tape reclamation, John Drescher
Next by Date:  Re: [Bacula-users] unbelievable question - what is a volume?, alexander
Previous by Thread:  Re: [Bacula-users] How to deal with NAT, Kevin Keane
Next by Thread:  Re: [Bacula-users] How to deal with NAT, Kevin Keane
Indexes:  [Date] [Thread] [Top] [All Lists]