Bacula-users

Re: [Bacula-users] odd problems backup thru firewall, 1 server ok, 1 fails

2013-02-20 08:19:14
From: Bill Arlofski <waa-bacula AT revpol DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 20 Feb 2013 08:16:15 -0500

On 02/20/13 04:09, goorooj wrote:
> Hi,
> 
> I have a strange problem with my backup through the firewall.
> I have a backup server with 16 slot autoloader inside my LAN.
> I have a pfsense between LAN and DMZ that does NAT, the DMZ uses a full public 
> class C Network. The firewall between dmz and the webz therefore does no NAT.
> I have a rule that forwards port 9102 from the DMZ machines to SD on backup 
> server.
> I put the name of the SD Server in my config files instead of the IP, the DNS 
> inside the LAN resolves correctly.
> I put the name of the SD Server into the Hosts file of both DMZ machines I am 
> backing up, a web server and a mail server.
> The webserver does his Backup fine, connects without problem to the SD, it's 
> a ubuntu 8.04 machine. 
> The mailserver is a RHEL4 machine and I get the error
> 
>  20-Feb 00:58 mailserver-fd JobId 649: Fatal error: bsock.c:134 Unable to 
> connect to Storage daemon on backupserver:9103. ERR=Connection refused
> 20-Feb 00:58 mailserver-fd JobId 649: Fatal error: Failed to connect to 
> Storage daemon: backupserver:9103
> 20-Feb 01:18 backupserver-dir JobId 649: Fatal error: Bad response to Storage 
> command: wanted 2000 OK storage
> , got 2902 Bad storage
> 
> I can telnet from the mailserver to the servername of the backupserver port 
> 9103 and SD responds... so firewall and name resolution should be ok.
> 
> The config files of both DMZ machines are identical, just that the RHEL4 uses 
> a 5.0.3 client and ubuntu uses the 2.2.8 client that shipped with ubuntu. 
> Backup server version is 5.0.2... funny that the old client works.
> 
> Can anybody point me in the right direction?


Hi goorooj,

The key here is this line:

20-Feb 00:58 mailserver-fd JobId 649: Fatal error: bsock.c:134 Unable to
connect to Storage daemon on backupserver:9103. ERR=Connection refused

and more specifically, the "ERR=Connection refused" part.

If you can telnet to port 9103 from this mailserver on the DMZ to the SD on
the internal network, but you get "connection refused" when Bacula is trying,
it seems to me that Bacula is attempting to connect to the wrong host - a host
that is not listening on the SD port - hence the "connection refused" message
rather than a timeout.

I would check and re-check your hosts file entry on the mailserver (although
it would seem to be correct since telnet resolves it properly).  To be sure,
I'd also use a FQDN in the hosts file, not just the SD's hostname 
"backupserver."

If you have not yet tried to re-start the FD on the mailserver - perhaps after
making hosts file changes - I'd try that as well.

And finally, I'd check the mailserver's Job configuration, specifically the
"Storage" defined for the job. Perhaps that job was accidentally defined to
write to a different, and inaccessible SD?


I'd also start a tcpdump on the mailserver like so:

# tcpdump -w bacula-test.dump -s0 -i any src or dst port 9103

Then start a backup job of the mailserver. Once the job fails, stop the
tcpdump and open the file with wireshark and see where Bacula FD is trying to
connect to and where the TCP RST is coming from.

As a matter of fact, I would do this first, since you are reasonably sure all
of your other configs are OK. This should reveal the cause of the failed
jobs pretty quickly.


Hope this helps!

--
Bill Arlofski
Reverse Polarity, LLC
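
An added example, not part of the original message: a small Python reader for the capture file written by the tcpdump command above, listing which hosts the FD sent SYNs to on port 9103 and which hosts answered with a RST. It assumes the classic pcap format that `tcpdump -w` writes by default and IPv4 traffic only; the function names and the 192.0.2.x addresses in the sample are constructed for illustration.

```python
import struct

SD_PORT = 9103               # Storage daemon port from the thread
LINK_HDR = {1: 14, 113: 16}  # Ethernet, Linux cooked (what "-i any" writes)

def summarize(pcap: bytes, port: int = SD_PORT):
    """Return (syn_targets, rst_sources) seen for `port` in a classic pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the file
    l2 = LINK_HDR[struct.unpack(end + "I", pcap[20:24])[0]]
    syns, rsts, off = set(), set(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # The protocol field is the last two bytes of both link headers
        if len(frame) < l2 + 20 or frame[l2 - 2:l2] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[l2:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:
            continue  # not TCP, or truncated
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        flags = ip[ihl + 13]
        if flags & 0x12 == 0x02 and dport == port:  # SYN without ACK
            syns.add(dst)
        if flags & 0x04 and sport == port:          # RST sent from the SD port
            rsts.add(src)
    return syns, rsts

def _frame(src, dst, sport, dport, flags):
    """Constructed cooked-capture + IPv4 + TCP frame (checksums left zero)."""
    sll = struct.pack("!HHH8sH", 0, 1, 6, b"\0" * 8, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 0, 0, 0)
    return sll + ip + tcp

def sample_capture():
    """Constructed capture: SYN to 192.0.2.50:9103 answered by RST+ACK."""
    frames = [_frame("192.0.2.10", "192.0.2.50", 40000, 9103, 0x02),
              _frame("192.0.2.50", "192.0.2.10", 9103, 40000, 0x14)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 113)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

On a real capture, call `summarize(open("bacula-test.dump", "rb").read())` and compare the SYN targets with the address the SD actually listens on.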
