Bacula-users

Re: [Bacula-users] Firewall traversal

2011-06-20 13:08:39
Subject: Re: [Bacula-users] Firewall traversal
From: Gavin McCullagh <gavin.mccullagh AT gcd DOT ie>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 20 Jun 2011 18:05:17 +0100

Hi,

On Mon, 20 Jun 2011, Kevin O'Connor wrote:

> Bacula Server (DIR, SD) -> Firewall/NAT -> Server to be backed up (FD)
> 
> The FD is accessible from anywhere, but the DIR/SD is not (NAT/FW).
> 
> When I start the backup, the Director connects to the FD without a problem,
> but then when the Director tells the FD to connect back to the SD it fails
> because of the NAT.  I'm in a situation where I can't get the ports
> forwarded, but it would seem that there should be a way to have the SD
> connect out to the FD or something along those lines to get this working.
> Is there a way to do that that I've missed in the docs, or is the only
> way to get this working really to expose the SD?

As far as I understand it, both backups and restores involve a TCP session
opening from the FD to the SD -- not the reverse.

What you could do is to have software on the SD open up a channel onto the
FD with a port forward.  There are different tools for this but one is ssh
or autossh.

        # -R: fd-host listens on 9103 and forwards to sd-host's localhost:9103
        sd-host%  ssh -R 9103:localhost:9103 fd-host

then have the FD connect to localhost instead of the sd-host (in the
director configuration).  With autossh if the connection dies it'll restart
itself.  I've done this in one case and it worked pretty well.  With SSH
you are adding the extra load of encrypting all of the data in transit
which might or might not be a problem, depending on your available CPU
cycles and the quantities of data you need to ship.

The same tunnel should work for a restore.

Gavin
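
Added example, not part of the original message: the autossh tunnel described above, written as a remote forward (-R) so that the listener sits on fd-host, plus a check that the forwarded SD port is bound to loopback only, since the FD in this thread is reachable from anywhere. The function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Host names follow the thread;
# function names and the sample `ss` output below are constructed.
PORT=9103   # Bacula SD port used in the thread
SSH_OPTS='-o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes'

# Command to run on sd-host: a self-restarting reverse tunnel.
#   -M 0  disable autossh's monitor port; ssh keepalives detect a dead link
#   -N    no remote command, forwarding only
#   -R    fd-host listens on 127.0.0.1:9103 and forwards to sd-host's 9103
tunnel_cmd() {
    printf 'autossh -M 0 -N %s -R 127.0.0.1:%s:localhost:%s %s\n' \
        "$SSH_OPTS" "$PORT" "$PORT" "${1:-fd-host}"
}

# Read `ss -ltn` output (taken on fd-host) on stdin and classify the listener
# on $PORT. Exit status: 0 = loopback only, 1 = bound to a non-loopback
# address (e.g. sshd on fd-host has GatewayPorts enabled), 2 = no listener.
check_listener() {
    awk -v port="$PORT" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # column 4 is Local Address:Port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") loop = 1
            else exposed = 1
        }
        END { if (exposed) exit 1; if (loop) exit 0; exit 2 }
    '
}

# Constructed sample outputs of `ss -ltn` on fd-host.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:9103      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:9103      0.0.0.0:*'

tunnel_cmd
if printf '%s\n' "$SAMPLE_OK" | check_listener; then
    echo "port $PORT on fd-host is loopback-only"
fi
```

On fd-host the same check runs against live data with `ss -ltn | check_listener`.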


