Bacula-users

Re: [Bacula-users] Firewall traversal

2011-06-23 04:18:45
Subject: Re: [Bacula-users] Firewall traversal
From: Jari Fredriksson <jarif AT iki DOT fi>
To: bacula-users AT lists.sourceforge DOT net
Date: Thu, 23 Jun 2011 11:15:43 +0300
On 23.6.2011 4:28, Dan Langille wrote:
> 
> On Jun 22, 2011, at 9:18 PM, Kevin O'Connor wrote:
> 
>> On Mon, Jun 20, 2011 at 6:55 PM, Dan Langille <dan AT langille DOT org> 
>> wrote:
>> On Jun 20, 2011, at 12:11 PM, Kevin O'Connor wrote:
>>>
>>>> My setup is as follows:
>>>>
>>>> Bacula Server (DIR, SD) -> Firewall/NAT -> Server to be backed up (FD)
>>>>
>>>> The FD is accessible from anywhere, but the DIR/SD is not (NAT/FW).
>>>>
>>>> When I start the backup, the Director connects to the FD without a 
>>>> problem, but then when the Director tells the FD to connect back to the SD 
>>>> it fails because of the NAT.  I'm in a situation where I can't get the 
>>>> ports forwarded, but it would seem that there should be a way to have the 
>>>> SD connect out to the FD or something along those lines to get this 
>>>> working.  Is there a way to do that that I've missed in the docs or is 
>>>> really the only way to get this working is to expose the SD?
>>>
>>> No, there is not.
>>>
>>> I highly recommend OpenVPN.  It simplifies a great many things.
>>
> 
>> So I've followed that SSH tunneling article, but I see that the FD on the 
>> remote server outside of the firewall is trying to connect to 172.16.x.x, 
>> which is what the SD resolves to inside of our network.  I've followed the 
>> instructions in the article to add the SD FQDN to /etc/hosts to make it 
>> resolve to 127.0.0.1, but somehow this 172.16.x.x address is getting passed 
>> along.
> 
> I can't comment.  You didn't provide the URL to the document you are 
> following.  Please don't expect us to search for it.  :)
> 
> 
> What host has the SD resolve to localhost?  Nobody should need that.
> 

ssh-tunnel solutions require that on the fd machine. There sshd listens
on localhost on behalf of SD, and forwards the connection over the tunnel.

The document is on the Bacula wiki page, and it works. I have implemented
ssh-tunneling per the document, and I have no problems.

>>
>> Does the Bacula Director resolve that FQDN and pass the IP along instead of 
>> passing the FQDN?  I'm talking about what's specified in bacula-sd.conf.
>>
>> Thanks!
> 

Are you sure you have the FQDN in the Bacula config file, and not the
172.xx IP-address?

I have followed the same doc, and my setup just works.

-- 

The true Southern watermelon is a boon apart, and not to be mentioned with
commoner things.  It is chief of the world's luxuries, king by the grace
of God over all the fruits of the earth.  When one has tasted it, he knows
what the angels eat.  It was not a Southern watermelon that Eve took; we
know it because she repented.
                -- Mark Twain, "Pudd'nhead Wilson's Calendar"
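
An added diagnostic for the symptom discussed in this thread (not part of the original messages, and not Bacula's own code): the Director sends the Address from its Storage resource in bacula-dir.conf to the FD as written, so an IP literal there never consults the FD's /etc/hosts override and the tunnel is bypassed. The sample config, host names, function names and verdict strings below are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples: a Director's Storage resources and the FD host's /etc/hosts.
SAMPLE_DIR_CONF = """
Storage {
  Name = File-by-ip
  Address = 172.16.4.20          # internal IP literal
}
Storage {
  Name = File-by-name
  Address = sd.example.internal
}
"""
SAMPLE_FD_HOSTS = "127.0.0.1 localhost\n127.0.0.1 sd.example.internal\n"

def storage_resources(conf):
    """Yield one {directive: value} dict per Storage resource (names lowercased, spaces dropped)."""
    for body in re.findall(r"(?ims)^\s*Storage\s*\{(.*?)\}", conf):
        pairs = (i.split("#")[0].partition("=") for i in re.split(r"[;\n]", body))
        yield {"".join(k.split()).lower(): v.strip().strip('"') for k, s, v in pairs if s}

def loopback_names(hosts):
    """Return the names a hosts file maps to a loopback address."""
    names = set()
    for line in hosts.splitlines():
        fields = line.split("#")[0].split()
        try:
            if len(fields) > 1 and ipaddress.ip_address(fields[0]).is_loopback:
                names.update(n.lower() for n in fields[1:])
        except ValueError:
            continue  # first field is not an IP address
    return names

def check(conf, fd_hosts):
    """Return {storage name: verdict} for an FD that reaches the SD through a tunnel."""
    local, out = loopback_names(fd_hosts), {}
    for res in storage_resources(conf):
        addr = res.get("address", "")
        try:
            ipaddress.ip_address(addr)
            verdict = "ip-literal"  # FD connects to it directly; /etc/hosts is never used
        except ValueError:
            verdict = "ok" if addr.lower() in local else "not-loopback"
        out[res.get("name", "?")] = verdict
    return out

if __name__ == "__main__":
    print(check(SAMPLE_DIR_CONF, SAMPLE_FD_HOSTS))
```

Feed it the Director's real bacula-dir.conf text and the FD host's /etc/hosts text; any Storage reported as `ip-literal` or `not-loopback` will not go through the localhost tunnel endpoint.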
