Bacula-users

Re: [Bacula-users] Bacula client behind NAT

2013-04-22 07:11:49
Subject: Re: [Bacula-users] Bacula client behind NAT
From: Personal Técnico <tecnicos AT caos.uab DOT es>
To: Humphrey Bryant <hbryant AT fogadaley DOT com>
Date: Mon, 22 Apr 2013 13:08:25 +0200
On 19/04/2013 16:52, Humphrey Bryant wrote:
I'm trying to run a backup of a client behind NAT.
What happened when you ran the backup job? Did it succeed, fail, or hang?
It starts OK, but it is running on the client-router, not on client-behind-NAT. I don't understand why.


Why is server getting the backup of client-router instead of client-behind-NAT?
Maybe because you have the client-router (public) IP as the client Address (assuming here); if you set up the router to port forward 9102 to the (private) LAN IP address of the client-behind-NAT you should get files from the client-behind-NAT.
But I think I can't do that, because I also run backups from client-router, so port 9102 can't be redirected (prerouting) to port 9102 on client-behind-NAT. Because of that, I use another port (19102): I run backups on port 9102 for client-router and backups on port 19102 for client-behind-NAT.

Try checking client status with BAT.

On 04/19/2013 05:26 AM, Personal Técnico wrote:
Hi,

I'm trying to run a backup of a client behind NAT. My network configuration is this:
  1. a server with public IP --> aka server
  2. a client with public and private IP --> aka client-router
  3. a client with ONLY private IP --> aka client-behind-NAT

Well, what I'm trying to do is run a backup from 1 to 3, going through 2 via NAT-PREROUTING. The configuration files are these:

In server, I have defined:

Client {
  Name = client-behind-NAT
  Address = client-router
  FDPort = 19102
  Catalog = Catalogo
  Password = "xxxx"
}

I have configured a "Run Before Job" directive in job definition:

Job {
  Name = "BackupFull-COBBLER"
  Client = server
  JobDefs = "Full_Cobbler"
  Write Bootstrap = "/var/bacula/cobbler"
  Pool = Full_COBBLER
  Enabled = yes
  Run Before Job = "/etc/bacula/scripts/check-status-client.sh '%c' '%p'"
}


"check-status-client.sh" is this script:

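#!/bin/sh
# Run Before Job check: is a Bacula file daemon port reachable on the client?
# $1 = client name (%c), $2 = pool name (%p)
HOST=$1
PORT=9102
# The client behind NAT is reached through the forwarded port 19102
if [ "$2" = "Full_COBBLER" ]; then
        PORT=19102
fi
NC=/usr/bin/netcat
# Strip the "-fd" suffix from the client name to get the host name
HOST=$(echo "$HOST" | sed 's/-fd//g')
# -z: only test that the port accepts a connection; -w 20: 20 second timeout
if "$NC" -w 20 -z "$HOST" "$PORT"; then
        echo "$PORT port is up"
        exit 0
else
        echo "$PORT port is down"
        exit 1
fi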


What I test with this script is whether the Bacula client is running on the remote client; if the running job is for client-behind-NAT, I also check the pool name and, if it matches, I change the port that is checked.

On client-router, I have added these lines to iptables:

*filter
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT

*nat
-A POSTROUTING -s 192.168.11.0/24 -o vlan100 -j MASQUERADE
-A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19102 -j DNAT --to client-behind-nat:19102
And, of course:
echo "1" > /proc/sys/net/ipv4/ip_forward


Bacula-fd file configuration, on client side:

[...]
FileDaemon {                          # this is me
  Name = client-router
 ## FDport = 19102                  # where we listen for the director
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  FDAddresses = { ip = { addr = client-behind-NAT; port = 19102; } }
}
[...]


With all this configuration, the port check (19102) runs OK (prerouting and redirection), but when the job starts (that is to say, when bacula-fd starts getting files), the server is doing a backup of client-router instead of client-behind-NAT.


Bufff, I hope you understand my explanation...

Why is server getting the backup of client-router instead of client-behind-NAT?

Thanks a lot!




_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
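
A consistency check for the forwarding rules quoted in this thread, added here as an example (not code from either poster or from the Bacula project): it lists each DNAT rule and flags inbound FORWARD accepts toward the NATed host that no DNAT rule feeds, which are candidates for removal. The names `lint_forwards` and `sample_rules` are hypothetical; the sample rules are a subset of the ones posted above.

```shell
#!/bin/sh
# Added example: lint an iptables-save style fragment for port-forward consistency.
# lint_forwards HOST reads rules on stdin and prints
#   DNAT <proto>/<port> -> <target>   for every DNAT rule found
#   NO-DNAT <proto>/<port>            for every FORWARD ACCEPT to HOST that no DNAT rule feeds
lint_forwards() {
    awk -v host="$1" '
    BEGIN { host = tolower(host) }            # host names are case-insensitive
    $1 == "-A" {
        chain = $2; proto = ""; dst = ""; dport = ""; target = ""; to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-d") dst = tolower($(i + 1))
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to" || $i == "--to-destination") to = $(i + 1)
        }
        if (chain == "PREROUTING" && target == "DNAT") {
            print "DNAT " proto "/" dport " -> " to
            split(tolower(to), t, ":")
            if (t[2] == "") t[2] = dport      # no port in the target: port is kept
            if (t[1] == host) dnat[proto "/" t[2]] = 1
        } else if (chain == "FORWARD" && target == "ACCEPT" && dst == host) {
            fwd[++n] = proto "/" dport        # FORWARD sees the post-DNAT port
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(fwd[k] in dnat)) print "NO-DNAT " fwd[k]
    }'
}

# Subset of the rules posted in the thread, embedded so the check runs offline.
sample_rules() {
    cat <<'EOF'
*filter
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
*nat
-A POSTROUTING -s 192.168.11.0/24 -o vlan100 -j MASQUERADE
-A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19102 -j DNAT --to client-behind-nat:19102
EOF
}

sample_rules | lint_forwards client-behind-NAT
```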
