Bacula-users

[Bacula-users] bad interaction between IPV4/NAT and IPV6

2012-03-13 11:09:20
Subject: [Bacula-users] bad interaction between IPV4/NAT and IPV6
From: Luc Maisonobe <Luc.Maisonobe AT free DOT fr>
To: bacula-users AT lists.sourceforge DOT net
Date: Tue, 13 Mar 2012 16:07:28 +0100
Hello,

I have been using bacula for months recently on a local network with a
few Linux hosts. On one host I have bacula 5.0.3 (Debian testing) and on
another host I have bacula 5.0.2 (Debian stable).

Up to now, only IPV4 was used and the mapping between hostnames and IP
addresses was resolved locally. Some internal firewalls were up and
configured to let some connexions go through (port 9102 in one direction
and 9103 in the other direction). It worked great!

I have now changed my settings and a few hosts can be seen from outside
thanks to either port forwarding on the router for IPV4 or directly
through IPV6. Since these hosts must have outside names, global DNS has
been set up for these hosts and point to one public IPV4 address and
several public IPV6 addresses. It seems this change prevented my bacula
configuration from working.

As far as I understand, the local IPV4 addresses that were used up to
now in the various configuration files (192.168.xxx.yyy) are still
there, but when bacula asks for the address corresponding to a name, it
gets the public IPV4 address and not the internal one. This seems
logical as it is what DNS is for and at this step I did not set up
separate internal and external names. However, I *don't want* my backup
system to be accessible from outside, so I don't want to set up port
forwarding from the public address to internal addresses. In fact, even
if I set up such port forwarding, I'm not sure I could forward
port 9103 sometimes to host A and sometimes to host B. Playing games
with NAT is not cool.

So before setting up internal names and internal DNS in addition to the
external one, I considered using IPV6 only for my backups, since IPV6
does run perfectly on my system. Each host can have its own address (or
even several ones if I wanted to), firewalls can be tuned, there is only
one address space to deal with, there are no translation tables.
Everything looked better than DNS and NAT tricks ...

Putting "DirAddresses = { ipv6 = { addr = ::1; port = 9101; } }" in the
"Director" block in the bacula-dir.conf file and putting "address = ::1"
in the "Director" block in the bconsole.conf file did work. When I use
bconsole, I can connect to the director. I was able to run an
incremental backup job on the local machine with such a setting (i.e.
IPV6 loopback addresses and all daemons on the same machine). So far so
good.

Putting "[FD|SD]Addresses  = { ipv6 = { addr = global-ipv6-address; port
= 91[02|03]; } }" blocks in bacula-fd.conf and bacula-sd.conf, and
putting "Address = global-ipv6-address" in the Client and Storage
resources in the bacula-dir.conf file did not work. It seems that in
these resources, only IPV4 addresses or hostnames are allowed. So I put
hostnames, but I guess bacula tried to use IPV4 on these hosts, instead
of IPV6, so the firewall rejected the connexion, and I think bacula did
not attempt to use IPV6 after that.

It seems to me I cannot use IPV6 between director and file daemon or
storage daemon because in some places I don't know how to specify an
IPV6 address, and if I specify a hostname, bacula selects only the IPV4
address.

Going back to IPV4, if I want to use hostnames, then I have to either
set up specific host names only for bacula to make sure they are mapped
to internal IP addresses or put directly internal IPV4 addresses.
However, I recall having problems when putting only addresses before in
bacula, and thought bacula really required hostnames. Is this true?
Should I put IPV4 addresses and avoid names?

I would really prefer to be able to use IPV6 everywhere, both when
declaring on a daemon on which address it listens and on the director
when it tries to connect to the daemons, and to avoid both NAT and DNS
tricks. Is this possible?

Thanks for any advice that could help me configure my system properly.

Luc
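
A way to check the name-resolution situation described in the message above, as an added example that is not part of the original post or of Bacula: it sorts the addresses a hostname resolves to by address family and marks each as internal or external. The sample addresses are constructed, and `scope`, `resolve` and `audit` are names chosen for this example.

```python
import ipaddress
import socket

# Ranges treated as internal here: RFC 1918, loopback, link-local, IPv6 ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def scope(addr):
    """Return 'internal' or 'external' for one address string."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    # "ip in net" is False when the IP versions differ, so mixing is safe.
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"


def resolve(name, port):
    """Addresses the local resolver returns for name (needs a resolver)."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def audit(addresses):
    """Group addresses by family and scope, and list what a daemon that
    connects by hostname could end up reaching over each family."""
    report = {"ipv4": [], "ipv6": []}
    for addr in addresses:
        fam = "ipv6" if ":" in addr else "ipv4"
        report[fam].append((addr, scope(addr)))
    warnings = []
    for fam, entries in report.items():
        ext = [a for a, s in entries if s == "external"]
        if ext:
            warnings.append(f"{fam}: name leads to external address(es) {ext}")
        if not entries:
            warnings.append(f"{fam}: no address, connection over {fam} impossible")
    return report, warnings


# Constructed sample: answers for a host published in global DNS.
# 203.0.113.10 and 2001:db8::10 are documentation-range placeholders
# standing in for the router's public IPv4 and a host's global IPv6.
PUBLIC_DNS = ["203.0.113.10", "2001:db8::10"]
# Constructed sample: the same host through a local hosts-file entry.
LOCAL_HOSTS = ["192.168.1.20"]

if __name__ == "__main__":
    for label, addrs in (("public DNS", PUBLIC_DNS), ("local", LOCAL_HOSTS)):
        print(label, *audit(addrs), sep="\n  ")
```

On a live host, `audit(resolve(name, 9102))` applies the same check to whatever the local resolver returns for a file daemon's hostname.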

