Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Firewall traversal

2011-06-23 03:35:12
Subject: Re: [Bacula-users] Firewall traversal
From: shouldbe q931 <shouldbeq931 AT gmail DOT com>
To: "Kevin O'Connor" <kevino AT arc90 DOT com>
Date: Thu, 23 Jun 2011 08:32:42 +0100 
2011/6/23 Kevin O'Connor <kevino AT arc90 DOT com>:
> So I've followed that SSH tunneling article, but I see that the FD on the
> remote server outside of the firewall is trying to connect to 172.16.x.x,
> which is what the SD resolves to inside of our network.  I've followed the
> instructions in the article to add the SD FQDN to /etc/hosts to make it
> resolve to 127.0.0.1, but somehow this 172.16.x.x address is getting passed
> along.
> Does the Bacula Director resolve that FQDN and pass the IP along instead of
> passing the FQDN?  I'm talking about what's specified in bacula-sd.conf.
> Thanks!
>
> On Mon, Jun 20, 2011 at 6:55 PM, Dan Langille <dan AT langille DOT org> wrote:
>>
>> On Jun 20, 2011, at 12:11 PM, Kevin O'Connor wrote:
>>
>> > My setup is as follows:
>> >
>> > Bacula Server (DIR, SD) -> Firewall/NAT -> Server to be backed up (FD)
>> >
>> > The FD is accessible from anywhere, but the DIR/SD is not (NAT/FW).
>> >
>> > When I start the backup, the Director connects to the FD without a
>> > problem, but then when the Director tells the FD to connect back to the SD
>> > it fails because of the NAT.  I'm in a situation where I can't get the 
>> > ports
>> > forwarded, but it would seem that there should be a way to have the SD
>> > connect out to the FD or something along those lines to get this working.
>> >  Is there a way to do that that I've missed in the docs or is really the
>> > only way to get this working is to expose the SD?
>>
>> No, there is not.
>>
>> I highly recommend OpenVPN.  It simplifies a great many things.
>>
>>
>> --
>> Dan Langille - http://langille.org
>>
>
>
I would second Dan and suggest that OpenVPN is a cleaner method that
using an SSH Tunnell. There is some more work to initially configure,
but as you are creating a full tunnel, not just forwarding a single port, it
allows you to run "anything" without modifying the application.

apologies to all for two emails, not a clue how the other email
managed to send...

------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today.
http://p.sf.net/sfu/quest-sfdev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Firewall traversal, shouldbe q931
Next by Date:  Re: [Bacula-users] Firewall traversal, Jari Fredriksson
Previous by Thread:  Re: [Bacula-users] Firewall traversal, shouldbe q931
Next by Thread:  Re: [Bacula-users] Firewall traversal, Rodrigo Renie Braga
Indexes:  [Date] [Thread] [Top] [All Lists]