Re: [Bacula-users] natted bacula server

[Dave]

Hi Phil,
   Thanks for your reply. I was planning on using tls for encryption. Given 
that it seems as if stunnel would be doing double duty encrypting the 
tunnel. Do you have a similar setup?
Thanks.
Dave.

----- Original Message ----- 
From: "Phil Stracchino" <[EMAIL PROTECTED]>
To: <bacula-users@lists.sourceforge.net>
Sent: Saturday, February 04, 2006 5:04 PM
Subject: Re: [Bacula-users] natted bacula server


Dave wrote:
Hello,
   I'm trying to implement cross-internet bacula backups. And i'm trying
to keep this as simple as i can. All servers and clients are running
freebsd and bacula 1.38.5 via ports. On the client box which has a
public IP address i've got bacula-fd running and port 9102 open from the
firewall. I can telnet from my natted bacula backup server to the
client's port 9102, so i believe this part is correct. My problem is the
natted bacula backup server has a private 192.168.x.x IP and an internal
domain name. It's gateway box does have a public address. My question is
how do i reference this natted backup server in the client's
bacula-fd.conf? I'm next going to implement ssl encryption to secure the
data.

The issue here is that it's not enough for the Director to be able to
resolve the SD's IP.  The SD must also be able to resolve the FD's IP
and connect to it.  For this reason as well as because bacula's
transport is not currently encrypted, the RECOMMENDED method of backing
up a client outside a firewall from a server inside a firewall and
behind NAT is to have the server open a secure tunnel to the client
using stunnel or some similar tool, across which all communication
between the client and server is then tunnelled.

There is a section on doing this, with examples (if I recall correctly),
in the documentation.  Your first step should probably be to go study it.



--
Phil Stracchino       [EMAIL PROTECTED]
   Renaissance Man, Unix generalist, Perl hacker
Mobile: 603-216-7037         Landline: 603-886-3518


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log 
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users 



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users