Bacula-users

Re: [Bacula-users] Firewall traversal

2011-06-22 21:31:07
Subject: Re: [Bacula-users] Firewall traversal
From: Dan Langille <dan AT langille DOT org>
To: "Kevin O'Connor" <kevino AT arc90 DOT com>
Date: Wed, 22 Jun 2011 21:28:10 -0400
On Jun 22, 2011, at 9:18 PM, Kevin O'Connor wrote:

> On Mon, Jun 20, 2011 at 6:55 PM, Dan Langille <dan AT langille DOT org> wrote:
> On Jun 20, 2011, at 12:11 PM, Kevin O'Connor wrote:
>> 
>> > My setup is as follows:
>> >
>> > Bacula Server (DIR, SD) -> Firewall/NAT -> Server to be backed up (FD)
>> >
>> > The FD is accessible from anywhere, but the DIR/SD is not (NAT/FW).
>> >
>> > When I start the backup, the Director connects to the FD without a 
>> > problem, but then when the Director tells the FD to connect back to the SD 
>> > it fails because of the NAT.  I'm in a situation where I can't get the 
>> > ports forwarded, but it would seem that there should be a way to have the 
>> > SD connect out to the FD or something along those lines to get this 
>> > working.  Is there a way to do that that I've missed in the docs or is 
>> > really the only way to get this working is to expose the SD?
>> 
>> No, there is not.
>> 
>> I highly recommend OpenVPN.  It simplifies a great many things.
> 

> So I've followed that SSH tunneling article, but I see that the FD on the 
> remote server outside of the firewall is trying to connect to 172.16.x.x, 
> which is what the SD resolves to inside of our network.  I've followed the 
> instructions in the article to add the SD FQDN to /etc/hosts to make it 
> resolve to 127.0.0.1, but somehow this 172.16.x.x address is getting passed 
> along.

I can't comment.  You didn't provide the URL to the document you are following.
Please don't expect us to search for it.  :)


What host has the SD resolve to localhost?  Nobody should need that.

> 
> Does the Bacula Director resolve that FQDN and pass the IP along instead of 
> passing the FQDN?  I'm talking about what's specified in bacula-sd.conf.
> 
> Thanks!

BTW When you don't reply at the top, people can read the story from top to 
bottom...

One solution many people use:

You need two Storage resources.  One with the 172.16 address and one with the 
public address of your firewall.  Use the former for clients inside, use the 
latter for clients outside.

Have you read: 
http://www.bacula.org/5.0.x-manuals/en/problems/problems/Dealing_with_Firewalls.html



-- 
Dan Langille - http://langille.org
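
The two-Storage-resource layout suggested above, sketched as a Director configuration fragment. This is an added example, not part of the original message or the Bacula manual; every name, address and password is a constructed placeholder, and it assumes the firewall forwards the SD port to the storage daemon and that a JobDefs named "DefaultJob" already exists.

```conf
# bacula-dir.conf (Director) -- constructed example, all values are placeholders.
# Both resources describe the SAME storage daemon; only the Address handed
# to the File daemon differs.

# For clients inside the NAT: the FD connects to the SD's internal address.
Storage {
  Name = File-Internal                 # hypothetical resource name
  Address = sd.internal.example        # placeholder for the internal (172.16) host
  SDPort = 9103                        # default storage daemon port
  Password = "SD-PASSWORD-PLACEHOLDER" # must match the Director entry in bacula-sd.conf
  Device = FileStorage                 # hypothetical; must match a Device in bacula-sd.conf
  Media Type = File
}

# For clients outside the NAT: the FD connects to the firewall's public
# address. Assumption: the firewall forwards TCP 9103 to the SD, ideally
# limited to the known source addresses of the outside clients.
Storage {
  Name = File-External                 # hypothetical resource name
  Address = 203.0.113.10               # documentation-range placeholder for the public address
  SDPort = 9103
  Password = "SD-PASSWORD-PLACEHOLDER" # same SD, same password
  Device = FileStorage                 # same device and media type as above
  Media Type = File
}

# A job for an outside client selects the external resource.
Job {
  Name = "backup-remote-fd"            # hypothetical job name
  JobDefs = "DefaultJob"               # assumed to supply Type, FileSet, Schedule, Pool
  Client = remote-fd                   # hypothetical Client resource for the outside FD
  Storage = File-External
}
```

Because both resources share the same Device and Media Type, volumes written through either one live on the same storage daemon and can be restored through either.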

