On Thu, Oct 20, 2005 at 11:41:10AM -0500, Ty Young wrote:
> I've searched the archives but not found anything pertaining to my
> situation. Please forgive me if I missed something.
>
> I have a Solaris-based NW 721 server which backs up a number of clients
> (UNIX) nightly. Recently a particular client was moved into the DMZ and
> assigned a new IP, so understandably NW choked on backing it up since the
> client's nsrexecd could no longer talk to nsrd on the server.
>
> I spoke with our LAN people, who are vehemently opposed to punching holes
> in the firewall but instead suggested that I enable another NIC on the bkup
> server and and hook it into the DMZ network. We've done this, so now the
> config looks like this:
>
> clientIP: x.x.x.19 (DMZ space)
> serverIP: x.x.9.26 (LAN IP)
> and x.x.x.23 (DMZ space, same subnet as clientIP)
>
> At this point my head is so full of useless information about firewalls,
> ports, etc. that I cannot think straight and solve this problem. What am
> I doing wrong?
Your server and client interfaces in the DMZ must have names. Let's say
client-dmz and server-dmz. Lets also
assume that the x.x.9.26 has a name like server-lan.
You have to adjust multiple points:
1)In the client adjust your /etc/hosts accordingly. (x.x.x.23 server-dmz)
2)In the client nsrexecd must be run with something like -s server-dmz
3)In the server, adjust the "server network interface" in this specific
client's resource to "server-dmz". Of course, the server must have
the appropriate entry for the server-dmz in its hosts file. (To be on the safe
side, put both server and client entries both into
the servers and the clients hosts file.)
However when you will try to restore something for client-dmz, the software
will try to use the server that you
have defined in the server's "server" resource so it will (stupidly) start
sending packets to x.x.9.26 which is the server-lan.
In that case, you will have to adjust the /etc/hosts in your client to fool the
software into thinking that
the original server has ip x.x.x.23. So you may put x.x.x.23 server-lan to
fool it to talk to the dmz server
interface instead of the lan interface.
Hope this helps,
Cheers,
Athanasios
>
> Thx in advance
>
> Phillip T. ("Ty") Young, DMA
> Manager, Data Center and Backup/Recovery Services
> Information Services
> i2 Technologies, Inc.
>
> To sign off this list, send email to listserv AT listserv.temple DOT edu and
> type "signoff networker" in the
> body of the email. Please write to networker-request AT listserv.temple DOT
> edu if you have any problems
> wit this list. You can access the archives at
> http://listserv.temple.edu/archives/networker.html or
> via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|