[Bacula-users] Firewall fun

2009-06-23 10:19:00
Subject: [Bacula-users] Firewall fun
From: Dirk Bartley <dbartley AT schupan DOT com>
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Date: Tue, 23 Jun 2009 10:10:54 -0400
Greetings

Moved a machine into a dmz behind a pix515e firewall.  Created a rule to
allow the fd to connect to the sd and it seems to work, except for one
little peculiarity on a larger backup job.

On a server that backs up about 60GB, it fails at the very tail end of
the backup.  The firewall log is showing that it is tearing down the tcp
connection due to a TCP Reset-I then denying the connection a bit later.

I'm not finding much I can do in the firewall to solve the issue.  I was
contemplating putting a direct connection cable between the fd and the sd
to solve this.  (Darn Cisco, if this firewall was iptables, a solution
would be easy)

Anybody have any other ideas??

Thanks in advance for any assistance.

Dirk





Here is the log from the job:

Fatal error: fd_cmds.c:181 FD command not found: ???
+????'l8?^B???k???&F???N&!?^]???m?????x??+???f??^?u"

Job zimbra.2009-06-22_21.31.27_22 marked to be canceled.
2009-06-22 23:31:27
centos2-dir
Fatal error: Network error with FD during Backup: ERR=Connection reset
by peer
2009-06-22 23:31:32
centos2-dir
Error: Bacula centos2-dir 3.0.2 (25May09): 22-Jun-2009 23:31:32
  Build OS:               x86_64-pc-linux-gnu redhat 
  JobId:                  652
  Job:                    zimbra.2009-06-22_21.31.27_22
  Backup Level:           Full
  Client:                 "mail2-fd" 3.0.2 (25May09)
x86_64-unknown-linux-gnu,redhat,
  FileSet:                "ZimbraSet" 2009-06-20 02:00:00
  Pool:                   "LTO_OddWeekend" (From User input)
  Catalog:                "MyCatalog" (From Client resource)
  Storage:                "LTO" (From Pool resource)
  Scheduled time:         22-Jun-2009 21:31:19
  Start time:             22-Jun-2009 21:31:29
  End time:               22-Jun-2009 23:31:32
  Elapsed time:           2 hours 3 secs
  Priority:               10
  FD Files Written:       0
  SD Files Written:       0
  FD Bytes Written:       0 (0 B)
  SD Bytes Written:       0 (0 B)
  Rate:                   0.0 KB/s
  Software Compression:   None
  VSS:                    no
  Encryption:             no
  Accurate:               no
  Volume name(s):         MAIL_ODD_2_
  Volume Session Id:      84
  Volume Session Time:    1245086595
  Last Volume Bytes:      58,996,224,000 (58.99 GB)
  Non-fatal FD errors:    0
  SD Errors:              0
  FD termination status:  Error
  SD termination status:  Error
  Termination:            *** Backup Error ***

Fatal error: No Job status returned from FD.



And here is a snippet of a log from the pix-515e firewall:

Jun 22 21:29:54 Jun 22 2009 21:27:44 pix-kzo-515e : %PIX-6-302013: Built
inbound TCP connection 3896095 for dmz:DMZ-SMTP2/52584 (DMZ-SMTP2/52584)
to inside:Inside-centos6/9103 (Inside-centos6/9103) 
Jun 22 23:30:02 Jun 22 2009 23:27:52 pix-kzo-515e : %PIX-6-302014:
Teardown TCP connection 3896095 for dmz:DMZ-SMTP2/52584 to
inside:Inside-centos6/9103 duration 2:00:12 bytes 3906499625 TCP
Reset-I 
Jun 22 23:30:13 Jun 22 2009 23:28:03 pix-kzo-515e : %PIX-6-106015: Deny
TCP (no connection) from DMZ-SMTP2/54396 to Inside-centos6/9103 flags
RST ACK on interface dmz
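
The following Python is an added example, not part of the original post: it correlates the three PIX message IDs that appear in the log above (302013, 302014, 106015) to flag long-lived flows that end in a reset-type teardown and are followed by "no connection" denies between the same hosts. The sample lines are the post's own log lines unwrapped to one line each; the function name, field names and thresholds are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the three PIX lines from the post, unwrapped to one line each.
SAMPLE = [
    "Jun 22 21:29:54 Jun 22 2009 21:27:44 pix-kzo-515e : %PIX-6-302013: Built inbound TCP connection 3896095 for dmz:DMZ-SMTP2/52584 (DMZ-SMTP2/52584) to inside:Inside-centos6/9103 (Inside-centos6/9103)",
    "Jun 22 23:30:02 Jun 22 2009 23:27:52 pix-kzo-515e : %PIX-6-302014: Teardown TCP connection 3896095 for dmz:DMZ-SMTP2/52584 to inside:Inside-centos6/9103 duration 2:00:12 bytes 3906499625 TCP Reset-I",
    "Jun 22 23:30:13 Jun 22 2009 23:28:03 pix-kzo-515e : %PIX-6-106015: Deny TCP (no connection) from DMZ-SMTP2/54396 to Inside-centos6/9103 flags RST ACK on interface dmz",
]

# Device timestamp (the one carrying a year), message ID, message body.
HEAD = re.compile(r"(\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) \S+ : %PIX-\d-(\d{6}): (.*)")
BUILT = re.compile(r"Built \w+ TCP connection (\d+) for ")
TEAR = re.compile(r"Teardown TCP connection (\d+) for \w+:(\S+)/\d+ to \w+:(\S+?)/(\d+) "
                  r"duration (\d+):(\d\d):(\d\d) bytes (\d+) (.+)")
DENY = re.compile(r"Deny TCP \(no connection\) from (\S+)/\d+ to (\S+?)/(\d+) flags (.+?) on interface")

def correlate(lines, min_duration=3600, window=60):
    """Return one finding per long-lived flow that ended with a reset-type teardown.

    min_duration: seconds a flow must have lasted to be reported (assumed threshold).
    window: seconds after the teardown in which 106015 denies are attached to it.
    """
    built, findings = set(), []
    for line in lines:
        h = HEAD.search(line)
        if not h:
            continue
        ts = datetime.strptime(h.group(1), "%b %d %Y %H:%M:%S")
        msg_id, msg = h.group(2), h.group(3).strip()
        if msg_id == "302013" and (m := BUILT.match(msg)):
            built.add(m.group(1))
        elif msg_id == "302014" and (m := TEAR.match(msg)):
            conn, src, dst, port, hh, mm, ss, nbytes, reason = m.groups()
            secs = int(hh) * 3600 + int(mm) * 60 + int(ss)
            if secs >= min_duration and "Reset" in reason:
                findings.append({"conn": conn, "src": src, "dst": dst, "port": int(port),
                                 "seconds": secs, "bytes": int(nbytes), "reason": reason,
                                 "built_seen": conn in built, "end": ts, "late_packets": []})
        elif msg_id == "106015" and (m := DENY.match(msg)):
            src, dst, port, flags = m.groups()
            # Match on host pair and destination port only: the deny may come from a
            # different source port than the flow that was torn down, as in the sample.
            for f in findings:
                if (f["src"], f["dst"], f["port"]) == (src, dst, int(port)) \
                        and 0 <= (ts - f["end"]).total_seconds() <= window:
                    f["late_packets"].append(flags)
    return findings
```

On the sample, `correlate(SAMPLE)` reports connection 3896095 with a duration of 7212 seconds and one later `RST ACK` deny attached to it.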

