Networker

Re: [Networker] configuring a NW server with two NICs (DMZ bkups)

2005-10-20 13:11:57
From: Athanasios Douitsis <aduitsis AT NOC.NTUA DOT GR>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Thu, 20 Oct 2005 20:10:21 +0300
On Thu, Oct 20, 2005 at 11:41:10AM -0500, Ty Young wrote:

> I've searched the archives but not found anything pertaining to my
> situation.   Please forgive me if I missed something.
> 
> I have a Solaris-based NW 721 server which backs up a number of clients
> (UNIX) nightly.   Recently a particular client was moved into the DMZ and
> assigned a new IP, so understandably NW choked on backing it up since the
> client's nsrexecd could no longer talk to nsrd on the server.
> 
> I spoke with our LAN people, who are vehemently opposed to punching holes
> in the firewall but instead suggested that I enable another NIC on the bkup
> server and hook it into the DMZ network.   We've done this, so now the
> config looks like this:
> 
> clientIP:  x.x.x.19 (DMZ space)
> serverIP:  x.x.9.26 (LAN IP)
>       and      x.x.x.23 (DMZ space, same subnet as clientIP)
> 
> At this point my head is so full of useless information about firewalls,
> ports, etc. that I cannot think straight and solve this problem.   What am
> I doing wrong?

Your server and client interfaces in the DMZ must have names. Let's say
client-dmz and server-dmz. Let's also assume that the x.x.9.26 has a name
like server-lan.

You have to adjust multiple points:
1) In the client, adjust your /etc/hosts accordingly (x.x.x.23 server-dmz).
2) In the client, nsrexecd must be run with something like -s server-dmz.
3) In the server, adjust the "server network interface" in this specific
   client's resource to "server-dmz". Of course, the server must have the
   appropriate entry for server-dmz in its hosts file. (To be on the safe
   side, put both the server and client entries into both the server's and
   the client's hosts files.)

However, when you try to restore something for client-dmz, the software
will try to use the server that you have defined in the server's "server"
resource, so it will (stupidly) start sending packets to x.x.9.26, which is
server-lan. In that case, you will have to adjust the /etc/hosts in your
client to fool the software into thinking that the original server has IP
x.x.x.23. So you may put x.x.x.23 server-lan to fool it into talking to the
DMZ server interface instead of the LAN interface.

Hope this helps,
Cheers,
Athanasios



> 
> Thx in advance
> 
> Phillip T. ("Ty") Young, DMA
> Manager, Data Center and Backup/Recovery Services
> Information Services
> i2 Technologies, Inc.
> 
> To sign off this list, send email to listserv AT listserv.temple DOT edu and 
> type "signoff networker" in the
> body of the email. Please write to networker-request AT listserv.temple DOT 
> edu if you have any problems
> with this list. You can access the archives at 
> http://listserv.temple.edu/archives/networker.html or
> via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
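
One way to check the client's /etc/hosts against the advice in the reply above, as an added example that is not part of the original post: it flags any backup-server name that is missing or resolves outside the DMZ subnet, which is the case that sends restore traffic toward the LAN interface. The addresses are constructed placeholders from documentation ranges (the post elides its real ones), and `parse_hosts` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: the post elides its addresses (x.x.x.23, x.x.9.26),
# so RFC 5737 documentation ranges stand in for them here.
DMZ_NET = "192.0.2.0/24"
CLIENT_HOSTS = """\
127.0.0.1     localhost
192.0.2.19    client-dmz
192.0.2.23    server-dmz
198.51.100.26 server-lan   # LAN address: restores would leave the DMZ
"""

def parse_hosts(text):
    """Map each name/alias in hosts-file text to its address (first entry wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def audit(hosts_text, server_names, dmz_net):
    """Return {name: problem} for server names that do not resolve inside dmz_net."""
    net = ipaddress.ip_network(dmz_net)
    table = parse_hosts(hosts_text)
    problems = {}
    for name in server_names:
        addr = table.get(name.lower())
        if addr is None:
            problems[name] = "no hosts entry"
        elif addr not in net:
            problems[name] = f"{addr} is outside {net}"
    return problems

if __name__ == "__main__":
    names = ["server-dmz", "server-lan"]
    for name, why in audit(CLIENT_HOSTS, names, DMZ_NET).items():
        print(f"{name}: {why}")
```

An empty result means every name the client may use for the backup server stays on the DMZ interface, so neither backups nor restores depend on a firewall rule.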
