Hi,
I'm trying to back up a server in an external zone.

Here's my setup:

Director is on a machine located in the private network. Storage is (disk) on
another machine in the private network. Client is a machine in the external
LAN. In between, there is another machine (let's call it FW for instance)
with an iptables script.

What's working:
I can connect to the client and run estimate OK. Here's what I added to the
firewall to do so:

# Director communicates with external network
iptables -A INPUT -s $INTIP -d $EXTIP -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 9102 -j ACCEPT

iptables -A FORWARD -s $EXTIP -d $INTIP -p tcp --dport 9102 -j ACCEPT
iptables -A FORWARD -d $EXTIP -s $INTIP -p tcp --sport 9102 -j ACCEPT

Where $INTIP is the Director IP and $EXTIP the client machine.

Now, that's what I tried for the storage daemon:
iptables -A INPUT -s $INTIPSTOR -d $EXTIP -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 9102 -j ACCEPT

iptables -A FORWARD -s $EXTIP -d $INTIPSTOR -p tcp --sport 9101:9103 -j ACCEPT
iptables -A FORWARD -d $EXTIP -s $INTIPSTOR -p tcp ---sport 9101:9103 -j ACCEPT

Where INTIPSTOR is the Storage daemon IP.

Unfortunately, that doesn't work and I fail to see why. Bacula says Storage
is waiting for client to connect to the storage daemon. Would you have any
idea?

PS: of course, I have tried with machines in the internal zone and that
works fine, so I guess there is something I don't get in the interactions
between firewall and bacula.

Thanks for your ideas :)
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
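
Added example, not part of the original post: a small Python model of FORWARD rule matching that traces the client-to-storage connection the Bacula message refers to through the two storage FORWARD rules quoted above, next to a hypothetical variant that matches the destination port instead. It assumes Bacula's default Storage daemon port (9103), that the client opens this connection from an ephemeral source port, and that unmatched forwarded packets are dropped; all addresses and packets are constructed.

```python
# Added illustration: a minimal model of iptables FORWARD matching.
# Assumptions: default Bacula Storage daemon port 9103, DROP for unmatched packets.
from dataclasses import dataclass

EXTIP, INTIPSTOR = "192.0.2.10", "10.0.0.20"   # constructed sample addresses
ANY = (0, 65535)

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    sport: tuple = ANY
    dport: tuple = ANY

    def matches(self, pkt):
        src, dst, sport, dport = pkt
        return (src == self.src and dst == self.dst
                and self.sport[0] <= sport <= self.sport[1]
                and self.dport[0] <= dport <= self.dport[1])

def forwarded(rules, pkt):
    """True if any ACCEPT rule matches; otherwise the assumed DROP policy applies."""
    return any(r.matches(pkt) for r in rules)

# The two storage FORWARD rules from the post (both match on --sport 9101:9103).
POSTED = [
    Rule(EXTIP, INTIPSTOR, sport=(9101, 9103)),
    Rule(INTIPSTOR, EXTIP, sport=(9101, 9103)),
]
# Hypothetical variant: match the destination port on the client -> storage leg.
DPORT_VARIANT = [
    Rule(EXTIP, INTIPSTOR, dport=(9103, 9103)),
    Rule(INTIPSTOR, EXTIP, sport=(9103, 9103)),
]

# Constructed packets: the client connects from an ephemeral port to the
# Storage daemon, and the Storage daemon answers.
SYN = (EXTIP, INTIPSTOR, 45000, 9103)
REPLY = (INTIPSTOR, EXTIP, 9103, 45000)

def trace(rules):
    return {"client->storage": forwarded(rules, SYN),
            "storage->client": forwarded(rules, REPLY)}

if __name__ == "__main__":
    print("posted rules :", trace(POSTED))
    print("dport variant:", trace(DPORT_VARIANT))
```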
