Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Remote backup through NAT?

2016-01-27 16:52:41
Subject: Re: [Bacula-users] Remote backup through NAT?
From: Michael Munger <michael AT highpoweredhelp DOT com>
To: 'Wesley Render' <wrender AT otherdata DOT com>, "bacula-users AT lists.sourceforge DOT net" <bacula-users AT lists.sourceforge DOT net>
Date: Wed, 27 Jan 2016 21:48:27 +0000 
This is REALLY helpful. 

I have it working on some public services that are physically attached to our 
network, so I haven't enabled SSL (because it never leaves the office), but my 
next step is to do it with some remote datacenter boxes, and the SSL configs 
you have just sent are invaluable time savers. Thanks!


Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
michael AT highpoweredhelp DOT com


-----Original Message-----
From: Wesley Render [mailto:wrender AT otherdata DOT com] 
Sent: Wednesday, January 27, 2016 4:21 PM
To: bacula-users AT lists.sourceforge DOT net
Subject: Re: [Bacula-users] Remote backup through NAT?


I had a lot of problems getting my setup to work over NAT too.  If you want 
email me directly and I can provide my full configs/help out.  I think what 
ended up fixing it for me was updating all of the Bacula components to 7.2.0.  
I had a real struggle trying to get it to work with 5.x too.

Here is what I would recommend:

-  For consistency make sure you are running all Bacula 7.2.0 on all computers. 
(Not sure if this is possible for Microsoft Windows Clients)
-  On your firewall for the internal lan where your bacula server and storage 
daemon is. Open/Forward ports 9101-9103.
-  In your bacula server for the "client" definition, make sure the  
"Address" is that of the public IP, or hostname of the client server.   
Mine looks like this:
#####  On the Bacula Server #####
Client {
Name = web221.mydomain.com-fd
Password = mypassword
Address = web221.mydomain.com
FDPort = 9102
Catalog = MyCatalog
File Retention = 30 days
Job Retention = 6 months
TLS Enable = yes
TLS Require = yes
TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
TLS CA Certificate File = /etc/bacula/certs/cacert.pem AutoPrune = yes }

-  On the client's bacula-fd.conf mine looks like this:

#####  On the Linux Client #####
Director {
   Name = bacula-dir
   Password = mypassword
   TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
   TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
   TLS CA Certificate File = /etc/bacula/certs/cacert.pem
   TLS Enable = yes
   TLS Require = yes
}

FileDaemon {
   Name = web221.mydomain.com-fd
   FDport = 9102
   WorkingDirectory = /var/spool/bacula
   Pid Directory = /var/run
   Maximum Concurrent Jobs = 20
# Plugin Directory = /usr/lib64/bacula
   TLS Enable = yes
   TLS Require = yes
   TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
   TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
   TLS CA Certificate File = /etc/bacula/certs/cacert.pem
   PKI Signatures = Yes            # Enable Data Signing
   PKI Encryption = Yes            # Enable Data Encryption
   PKI Keypair =  
"/etc/bacula/bacula_disk_keys/fd-web221.mydomain.com.pem"    # Public  
and Private Keys
   PKI Master Key = "/etc/bacula/bacula_disk_keys/master.cert"    #  
ONLY the Public Key
}





--
Wesley Render, Consultant
OtherData
www.otherdata.com


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Remote backup through NAT?, Wesley Render
Next by Date:  Re: [Bacula-users] What to exclude?, Dimitri Maziuk
Previous by Thread:  Re: [Bacula-users] Remote backup through NAT?, Wesley Render
Next by Thread:  [Bacula-users] bacula.Job does not exist, Michael Munger
Indexes:  [Date] [Thread] [Top] [All Lists]