Bacula-users

[Bacula-users] Bacula client behind NAT

2013-04-19 07:30:02
Subject: [Bacula-users] Bacula client behind NAT
From: Personal Técnico <tecnicos AT caos.uab DOT es>
To: bacula-users AT lists.sourceforge DOT net
Date: Fri, 19 Apr 2013 12:26:07 +0200
Hi,

I'm trying to run a backup of a client behind NAT. My network configuration is this:
  1. a server with public IP --> aka server
  2. a client with public and private IP --> aka client-router
  3. a client with ONLY private IP --> aka client-behind-NAT

Well, what I'm trying to do is run a backup from 1 to 3, going through 2 via NAT-PREROUTING. The configuration files are these:

On the server, I have defined:

Client {
  Name = client-behind-NAT
  Address = client-router
  FDPort = 19102
  Catalog = Catalogo
  Password = "xxxx"
}

I have configured a "Run Before Job" directive in the job definition:

Job {
  Name = "BackupFull-COBBLER"
  Client = server
  JobDefs = "Full_Cobbler"
  Write Bootstrap = "/var/bacula/cobbler"
  Pool = Full_COBBLER
  Enabled = yes
  Run Before Job = "/etc/bacula/scripts/check-status-client.sh '%c' '%p'"
}


"check-status-client.sh" is this script:

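#!/bin/sh
# Run Before Job check: $1 = client name (%c), $2 = pool name (%p)
HOST=$1
PORT=9102
# Jobs using the Full_COBBLER pool are checked on the forwarded port.
# POSIX test uses "=", not "==" ("==" fails when /bin/sh is not bash).
if [ "$2" = "Full_COBBLER" ]; then
        PORT=19102
fi
NC=/usr/bin/netcat
# Strip the "-fd" suffix from the client name to get the host name
HOST=$(echo "$HOST" | sed 's/-fd//g')
# -z: only test that the port accepts a connection; -w 20: 20 second timeout
OUT=$("$NC" -w 20 -z "$HOST" "$PORT")
if [ $? -eq 0 ]; then
        echo "$PORT port is up"
        exit 0
else
        echo "$PORT port is down"
        exit 1
fi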


What I test with this script is whether the Bacula client is running on the remote client; if the running job is for client-behind-NAT, I also check the pool name and, if it matches, I change the remote port to check.

On client-router, I have added these lines to iptables:

*filter
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT

*nat
-A POSTROUTING -s 192.168.11.0/24 -o vlan100 -j MASQUERADE
-A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19102 -j DNAT --to client-behind-nat:19102

And, of course:
echo "1" > /proc/sys/net/ipv4/ip_forward


Bacula-fd file configuration, on client side:

[...]
FileDaemon {                          # this is me
  Name = client-router
 ## FDport = 19102                  # where we listen for the director
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  FDAddresses = { ip = { addr = client-behind-NAT; port = 19102; } }
}
[...]


With all this configuration, the port check (19102) runs OK (prerouting and redirection), but when the job starts (that is to say, when bacula-fd starts getting files), the server is doing a backup of client-router instead of client-behind-NAT.


Bufff, I hope you understand my explanation...

Why is the server getting the backup of client-router instead of client-behind-NAT?

Thanks a lot!!!!
