Richard W. Knight wrote:
Thomas,

Thanks for your reply. In my last post I said I was using pmfirewall. Scratch that. I switched to iptables a few years ago. Anyway,

Thomas Simmons wrote:

Dave,

Thanks for the reply. I'm running pmfirewall on an RH7 box. It also does my routing.

I removed the block from public 192.168.n.n but I still could not see the private server from the public. I set this up so long ago, I've forgotten a lot of the configs so I guess I need to do some snooping. Any hints why I still can't see the private server?


Does your server on the public side have a route in its routing table to the private network?

Thanks again,
Rick Knight

Dave wrote:

Hi,
If your setup is like mine, yes, that's what you need to do. You'll also need to tell your firewall to let out port 9102 traffic as well, I think. What firewall are you using?
Dave.


From a security standpoint, instead of simply opening port 9103, it would be a better idea to specify rules that will allow inbound traffic on 9103, only from the bacula clients, and destined for the bacula server.

This may be above my head. Can you give me some pointers or point me in the right direction to learn more?


Sure! Like I said before, your main goal should be to allow inbound connections on port 9103 only if they're from the public server and destined for the bacula server. You could add a rule that would do just that to your firewall with the following command. (Also remember to add it to your iptables startup script.) It should be pretty obvious what this does, but if you have any questions about it I'll be happy to answer them.

iptables -A FORWARD -p tcp --dport 9103 --source 64.0.0.1 --destination 192.168.0.1 -j ACCEPT

As for routing, it really depends on what type of routing you're doing on the firewall. If you're doing NAT (which I assume) then port forwarding is your only option. With this you basically tell your router to forward anything inbound on 9103 directly to the bacula server. www.netfilter.org will probably be the best place to read up on iptables.

----- Original Message ----- From: "Richard W. Knight" <[EMAIL PROTECTED]>
To: "Bacula Users" <bacula-users@lists.sourceforge.net>
Sent: Tuesday, November 22, 2005 6:53 PM
Subject: [Bacula-users] Network Backup


Hi,

I've just finished upgrading from 1.34 to 1.38.1 and while I was at it, I moved Bacula from a server with a public IP (64.n.n.n) to a server with a private IP (192.168.n.n) that's behind (inside?) my firewall. I did this because I need to back up both servers and a workstation. Everything looked like it went fine until Bacula tried to back up the server on the public side. I get this error message...

22-Nov 11:42 my_public_server-linux-fd: My_Job-Linux.2005-11-22_05.31.43 Warning: bnet.c:852 Could not connect to Storage daemon on my_private_server-linux:9103. ERR=Connection timed out

I can see the public server from the private side just fine, but I cannot see the private server from the public server. I assume I just need to tell my firewall to allow traffic to the private network 192.168.n.n on port 9103. Am I correct?

Thanks,
Rick Knight



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
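
The scoped forwarding described in the thread, extended to the NAT (port forwarding) case it mentions, as an added example that is not part of the original messages. The addresses are the ones from the iptables command above; the interface name eth0 and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the ones used in the
# iptables command above; WAN_IF is an assumed interface name.
CLIENT_IP="64.0.0.1"     # public server (Bacula file daemon)
SD_IP="192.168.0.1"      # private Bacula server (storage daemon)
SD_PORT="9103"
WAN_IF="eth0"            # assumption: firewall's outside interface

# Reject anything that is not a dotted quad, so a typo cannot widen a rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the rule set for the NAT case: DNAT the port to the storage daemon,
# accept only new connections from the one client, and let replies return.
build_rules() {
    is_ipv4 "$CLIENT_IP" || return 1
    is_ipv4 "$SD_IP" || return 1
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $CLIENT_IP --dport $SD_PORT -j DNAT --to-destination $SD_IP:$SD_PORT"
    echo "iptables -A FORWARD -p tcp -s $CLIENT_IP -d $SD_IP --dport $SD_PORT -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Audit helper: a FORWARD rule for SD_PORT passes only if it names both a
# source and a destination address. Other rules are not judged.
is_scoped() {
    case "$1" in
        *"-A FORWARD"*"--dport $SD_PORT"*) ;;
        *) return 0 ;;
    esac
    echo "$1" | grep -Eq -- '(-s|--source) [0-9]' || return 1
    echo "$1" | grep -Eq -- '(-d|--destination) [0-9]' || return 1
}

# Dry run by default; APPLY=1 (as root) pipes the rules to sh.
if [ "${APPLY:-0}" = "1" ]; then build_rules | sh; else build_rules; fi
```

With port forwarding the file daemon connects to the firewall's outside address, so the Address in the Director's Storage resource, which Bacula passes to the file daemon, has to be one the public server can reach.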












