Bacula-users

Re: [Bacula-users] Client in LAN, Server in the Internet

2010-08-16 10:13:46
Subject: Re: [Bacula-users] Client in LAN, Server in the Internet
From: Josh Fisher <jfisher AT pvct DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 16 Aug 2010 10:11:10 -0400

On 8/15/2010 9:38 AM, Dan Langille wrote:
> On 8/14/2010 5:20 PM, Markus Lanz wrote:
>
>> I don't know. Can openvpn really help in my case? Remember, I cannot open
>> or even forward a port on the router where the clients are hidden behind?
>> Wouldn't I have to set up a site to site VPN from one router to the other
>> either, if I could access the router?
> I see something ambiguous here.  A lot depends on how this router is
> configuration

It does, but with the openvpn approach, only one port is required for 
all comms. Openvpn can be configured to use any port on the server, even 
port 80, so there must be at least one that the openvpn client can 
connect to. Once the openvpn client is connected, all traffic between 
the bacula client and SD or DIR occurs over the openvpn tunnel. There 
should be no firewall problems, other than getting the openvpn 
connection up.

As for multiple LAN clients behind a firewall, openvpn can be configured 
point-to-multipoint such that all the clients are on the same openvpn 
subnet and talk to the same SD and DIR address/port. However, multiple 
remote clients backing up over the Internet is likely to be quite slow 
unless a very fast Internet connection is available.


> The client is behind a router.  You say you cannot change the router
> settings.  Let's work with that, keeping in mind that within the Bacula
> protocol:
>
> * the Director *must* be able to initiate communication with the File Daemon
> * the File Daemon must be able to initiate communication with the
> Storage Daemon
>
> Thus:
>
> * if your client cannot initiate outgoing comms to the SD, you're in a
> whole heap of trouble.
>
>   From what you've said about your router, I content
>
> * This does not mean the client cannot initiate outside connections.
> The client may still be able to initiate outgoing connections (to the SD
> for example)
>
> * The router may have a list of outgoing ports to which the client can
> connect.  There is no reason why the SD cannot listen on one of those
> ports or have that port on YOUR firewall redirected to the actual port.
>
> Do a simple test: from the client, assuming your SD is at 10.0.0.1 and
> listening on port 9103:
>
>     telnet 10.0.0.1 9103
>
> You should see this:
>
> $ telnet 10.55.0.67 9103
> Trying 10.55.0.67...
> Connected to ngaio.unixathome.org.
> Escape character is '^]'.
> type something
> Connection closed by foreign host.
> $
>
> Once we know this, we can start forming a plan.
>
>
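
A configuration sketch of the single-port, point-to-multipoint setup described in this message, added here as an example and not part of the original thread. The host name backup.example.org, the 10.8.0.0/24 tunnel subnet, the certificate file names and the Bacula resource names are assumptions; the Bacula resources are fragments that omit other required directives.

```conf
# ---- OpenVPN server, on the Internet-side host running DIR/SD: server.conf ----
port 80                        # any port the LAN router lets clients reach outbound
proto tcp
dev tun
topology subnet                # point-to-multipoint: all clients share 10.8.0.0/24
server 10.8.0.0 255.255.255.0  # server side of the tunnel becomes 10.8.0.1
client-config-dir ccd          # per-client files pin a fixed tunnel address
keepalive 10 120               # keeps the tunnel up so DIR can reach the FD later
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# ---- ccd/lanclient1 (file name matches the client certificate CN) ----
ifconfig-push 10.8.0.10 255.255.255.0

# ---- OpenVPN client, on each LAN machine: client.conf ----
client
dev tun
proto tcp
remote backup.example.org 80   # outbound only; nothing is opened on the LAN router
nobind
persist-key
persist-tun
ca ca.crt
cert lanclient1.crt
key lanclient1.key

# ---- bacula-dir.conf (fragments) ----
Client {
  Name = lanclient1-fd
  Address = 10.8.0.10          # DIR initiates the connection to the FD over the tunnel
  FDPort = 9102
}
Storage {
  Name = File
  Address = 10.8.0.1           # handed to the FD, so it must be the tunnel address
  SDPort = 9103
}
```

The fixed `ifconfig-push` address matters because the Director initiates the connection to the File Daemon and needs a stable address for each client inside the tunnel.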
