> Date: Thursday, March 10, 2016 09:05:43 -0800
> From: maaf4d <bacula-forum AT backupcentral DOT com>
>
> IPTables on Server:
> 
> Chain OUTPUT (policy ACCEPT)
> target   prot opt source     destination
> ACCEPT   tcp  --  anywhere   anywhere             state NEW tcp
dpts:bacula-dir:bacula-sd
> 
> Client's IPTables rules:
>
> Chain OUTPUT (policy ACCEPT)
> target   prot opt source     destination
> ACCEPT   tcp  --  anywhere   anywhere     state NEW tcp
dpt:bacula-fd


I think that your iptables output policies are a part of your
problem. A machine's output policy constrains what ports the source
side can go out from. With bacula you are going *to* ports 9101-03,
but *from* an arbitrary (high numbered) port. So, while you may want
to constrain that ports you accept inbound (input) connections on,
you generally leave the outbound (output) totally open. In your case,
you appear to be constraining your outbound ports to 9101 and 03 on
your server and 9102 on the client. That, in fact, means that you
very likely aren't getting out at all.

Remove those outbound constraints from iptables and things should
improve. I think you still have other issues, but you should be able
to telnet to the 9101-03 ports (as appropriate) and get at least a
"connection refused" response from the remote host.





------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users