Re: [Bacula-users] DMZ & Internal network problem



--- On Fri, 3/6/09, Giorgos Gaganis <G.Gaganis AT gnomon.com DOT gr> wrote:

> From: Giorgos Gaganis <G.Gaganis AT gnomon.com DOT gr>
> Subject: [Bacula-users] DMZ & Internal network problem
> To: bacula-users AT lists.sourceforge DOT net
> Date: Friday, March 6, 2009, 9:59 AM
> Hello
> 
>     I am a new user of bacula. I have installed it
> successfully on the 
> computer that I will use as director and storage and also
> to some of my 
> servers and I must say I liked it very much. I have come
> across a 
> problem though.
> 
> I have a network setup with two subnets one that is
> internal and one is 
> a DMZ. My backup server is installed on the internal
> network and I 
> successfully setup the backups for servers that are on the
> internal 
> network. My director has access to the fds on my DMZ
> servers but it is 
> my impression that the fds are trying to contact the
> storage daemon 
> directly to the address that is defined on the director
> setup file. 
> Normally my servers on the DMZ cannot connect to addresses
> on the 
> internal network. I have tried to create a NATed address
> where my DMZ 
> servers can connect to the storage daemon but then it seems
> that my 
> director can't connect to the storage daemon.
> 
> I was wondering if there is a way to define a different
> address for my 
> daemons depending on the client?
> 
> Also I would like to congratulate everyone for the creation
> of this 
> great software!
> 
> Thank you very much for your time
> 
> Giorgos
> 
> 
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009,
> San Francisco, CA
> -OSBC tackles the biggest issue in open source: Open
> Sourcing the Enterprise
> -Strategies to boost innovation and cut costs with open
> source participation
> -Receive a $600 discount off the registration fee with the
> source code: SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users

Giorgos,

  I have same situation. My director and storage daemon are both on same 
system. On my firewall (Linux running iptables) I have setup forwarding rules 
to allow port 9101, 9102 and 9103 back and forth from the DMZ system and backup 
server, I am not even doing NAT. On my DMZ system which is Linux, I also have 
ipdables rules to accept traffic to ports 9101, 9102, and 9103 from the backup 
server.

I have no problems backing up and restoring files to the DMZ system.

On my backup system the default route is set to the firewall, so all traffic to 
the DMZ system which is on a different subnet is sent to the firewall which 
forwards it to the DMZ system. On DMZ system the route to my internal network 
is set to my firewall so the traffic to internal subnet is sent to the firewall 
and firewall forwards it to the backup server.

I hope this helps.


Hemant Shah
E-mail: hjrrs AT yahoo DOT com



      

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users