23.6.2011 18:49, Kevin O'Connor kirjoitti:
>
>
> 2011/6/23 Jari Fredriksson <jarif AT iki DOT fi <mailto:jarif AT iki DOT fi>>
>
> 23.6.2011 4:28, Dan Langille kirjoitti:
> >
> > On Jun 22, 2011, at 9:18 PM, Kevin O'Connor wrote:
> >
> >> On Mon, Jun 20, 2011 at 6:55 PM, Dan Langille <dan AT langille DOT org
> <mailto:dan AT langille DOT org>> wrote:
> >> On Jun 20, 2011, at 12:11 PM, Kevin O'Connor wrote:
> >>>
> >>>> My setup is as follows:
> >>>>
> >>>> Bacula Server (DIR, SD) -> Firewall/NAT -> Server to be backed
> up (FD)
> >>>>
> >>>> The FD is accessible from anywhere, but the DIR/SD is not (NAT/FW).
> >>>>
> >>>> When I start the backup, the Director connects to the FD
> without a problem, but then when the Director tells the FD to
> connect back to the SD it fails because of the NAT. I'm in a
> situation where I can't get the ports forwarded, but it would seem
> that there should be a way to have the SD connect out to the FD or
> something along those lines to get this working. Is there a way to
> do that that I've missed in the docs or is really the only way to
> get this working is to expose the SD?
> >>>
> >>> No, there is not.
> >>>
> >>> I highly recommend OpenVPN. It simplifies a great many things.
> >>
> >
> >> So I've followed that SSH tunneling article, but I see that the
> FD on the remote server outside of the firewall is trying to connect
> to 172.16.x.x, which is what the SD resolves to inside of our
> network. I've followed the instructions in the article to add the
> SD FQDN to /etc/hosts to make it resolve to 127.0.0.1, but somehow
> this 172.16.x.x address is getting passed along.
> >
> > I can't comment. You didn't provide the URL to the document you
> are following. Please don't expect us to search for it. :)
> >
> >
> > What host has the SD resolve to localhost? Nobody should need that.
> >
>
> ssh-tunnel solutions requires that on the fd machine. There sshd listens
> on localhost on behalf of SD, and forwards the connection over the
> tunnel.
>
> The document is on Bacula wiki page, and it works. I have implemented
> ssh-tunneling per the document, and I have no problems.
>
>
> The document is a little fuzzy as to what steps are required where, the
> SSH tunnel should be created on the director which will then connect out
> to the system to be backed up running the FD? Then the FD goes through
> the tunnel that's been opened up on localhost and the traffic should be
> directed to the SD port on the director?
>
In my setup:
1. Director opens the SSH-tunnel, and starts listening on localhost AND
client-fd
2. Director connects to the client using localhost (SSH-tunnel)
3. Client connects to the SD using it's name. /etc/hosts on FD machine
declares that address as 127.0.0.1, so client connects to SD via SSH-tunnel
>
> >>
> >> Does the Bacula Director resolve that FQDN and pass the IP along
> instead of passing the FQDN? I'm talking about what's specified in
> bacula-sd.conf.
> >>
> >> Thanks!
> >
>
> Are you sure you have the FQDN in the Bacula config file, and not the
> 172.xx IP-address?
>
> I have followed the same doc, and my setup just works.
>
>
> Yeah, absolutely. There's no reference in any of my configs anywhere
> (dir, sd, fd) on either machine to that IP, so it makes me think the
> Director is resolving it, using that value internally, and then passing
> that over the wire instead of the FQDN specified in my config. I'm
> using Director 5.0.3 and FD 5.0.1 if that makes a difference.
>
>
> --
>
> The true Southern watermelon is a boon apart, and not to be
> mentioned with
> commoner things. It is chief of the world's luxuries, king by the grace
> of God
> over all the fruits of the earth. When one has tasted it, he knows
> what the
> angels eat. It was not a Southern watermelon that Eve took; we know it
> because
> she repented.
> -- Mark Twain, "Pudd'nhead Wilson's Calendar"
>
>
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with
> vRanger.
> Installation's a snap, and flexible recovery options mean your data
> is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> <mailto:Bacula-users AT lists.sourceforge DOT net>
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
>
>
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
>
>
>
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
--
You are going to have a new love affair.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense..
http://p.sf.net/sfu/splunk-d2d-c1 _______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|