In response to James Ray <[EMAIL PROTECTED]>: > We have a concept of a system address (the machine itself) and a service > address (one for each service, say .2 == an apache service, .3 == an > bacula service, .4 == a dns service, where as .1 is a _system_ address) > all the interfaces will be on the same machine. > > So any communications coming _from_ the bacula service need to come out > of .3 and any connections to the bacula service need to head onto .3 also. > > What I have seen (only on my breif testing) is that the listen address > is the .3 address (as I set in DirAddress) but the outcoming connections > from the bacula-dir to the bacula-fd across the network originate for > the system default address of .1... > > I shall re-test and post my outcomes.
I just want to quickly chime in that this is of interest to us as well, since we take the same approach. (i.e. each machine has a "management" address and another address for each "service" it provides) The primary reason for this is to help simplify firewall rules. We're in a high-security situation here, so our firewalls default to deny (even from one server to another). Each communication must be explicitly allowed. A secondary reason for this is planning for expansion. Some servers run many services (DNS, NFS, LDAP, etc). In the event that we should split the aforementioned machine into two systems (i.e. put DNS & LDAP on one, and NFS on the second) we don't have to change any firewall rules or configurations on other machines, because the service IPs can follow the services. I haven't had time to investigate whether the [FD|SD|DIR]Address sets both the listening and the outgoing address, but a firewall audit is on the TODO list, and when I finally get to it, I'll have to address this for a number of services, not only Bacula. -- Bill Moran Collaborative Fusion Inc. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
