Re: [Bacula-users] Client in LAN, Server in the Internet
2010-08-16 10:13:46
On 8/15/2010 9:38 AM, Dan Langille wrote:
> On 8/14/2010 5:20 PM, Markus Lanz wrote:
>
>> I don't know. Can openvpn really help in my case?? Remember, i cannot open
>> or even forward a port on the router where the clients are hidden behind?
>> Wouldn't i have to set up a site to site VPN from one router to the other
>> either, if i could access the router?
> I see something ambiguous here. A lot depends on how this router is
> configuration
It does, but with the openvpn approach, only one port is required for
all coms. Openvpn can be configured to use any port on the server, even
port 80, so there must be at least one that the openvpn client can
connect to. Once the openvpn client is connected, all traffic between
the bacula client and SD or DIR occurs over the openvpn tunnel. There
should be no firewall problems, other than getting the openvpn
connection up.
As for multiple LAN clients behind a firewall, openvpn can be configured
point-to-multipoint such that all the clients are on the same openvpn
subnet and talk to the same SD and DIR address/port. However, multiple
remote clients backing up over the Internet is likely to be quite slow
unless a very fast Internet connection is available.
> The client is behind a router. You say you cannot change the router
> settings. Let's work with that, keeping in mind that within the Bacula
> protocol:
>
> * the Director *must* be able to initiate communication with the File Daemon
> * the File Daemon must be be able to initiate communication with the
> Storage Daemon
>
> Thus:
>
> * if your client cannot initiate outgoing comms to the SD, you're in a
> whole heap of trouble.
>
> From what you've said about your router, I content
>
> * This does not mean the client cannot initiate outside connections.
> The client may still be able to initiate outgoing connections (to the SD
> for example)
>
> * The router may have a list of outgoing ports to which the client can
> connect. There is no reason why the SD cannot listen on one of those
> ports or have that port on YOUR firewall redirected to the actual port.
>
> Do a simple test: from the client, assuming your SD is at 10.0.0.1 and
> listening on port 9103:
>
> telnet 10.0.0.1 9103
>
> You should see this:
>
> $ telnet 10.55.0.67 9103
> Trying 10.55.0.67...
> Connected to ngaio.unixathome.org.
> Escape character is '^]'.
> type something
> Connection closed by foreign host.
> $
>
> Once we know this, we can start forming a plan.
>
>
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Bacula-users] Client in LAN, Server in the Internet, Markus Lanz
- Re: [Bacula-users] Client in LAN, Server in the Internet, Phil Stracchino
- Re: [Bacula-users] Client in LAN, Server in the Internet, Markus Lanz
- Re: [Bacula-users] Client in LAN, Server in the Internet, Phil Stracchino
- Re: [Bacula-users] Client in LAN, Server in the Internet, Dan Langille
- Re: [Bacula-users] Client in LAN, Server in the Internet, Markus Lanz
- Re: [Bacula-users] Client in LAN, Server in the Internet, Phil Stracchino
- Re: [Bacula-users] Client in LAN, Server in the Internet, Markus Lanz
- Re: [Bacula-users] Client in LAN, Server in the Internet, Dan Langille
- Re: [Bacula-users] Client in LAN, Server in the Internet, Dan Langille
- Re: [Bacula-users] Client in LAN, Server in the Internet,
Josh Fisher <=
|
|
|