Re: [Bacula-users] Problem with a backup behind a firewall

Mon, 18 Jun 2007 14:01:36 -0700 

>>>>> On Sat, 16 Jun 2007 18:14:09 +0200, Jean-François Leroux said:
> 
> Hi,
> I'm trying to backup a server in an external zone.
> 
> Here's my setup :
> 
> Director is in machine located in the private network. Storage is (disk) on
> another machine in the private network. Client is a machine in the external
> lan. In between, there is another machine (let's call it FW for instance)
> with an iptables script.
> 
> What's working :
> I can connect to the client and run estimate Ok. Here's what I added to the
> firewall to do so :
> 
> # Director  communicates with external network
> iptables -A INPUT -s $INTIP -d $EXTIP -m state --state NEW,ESTABLISHED -m
> tcp -p tcp --dport 9102 -j ACCEPT
> 
> iptables -A FORWARD -s $EXTIP -d $INTIP -p tcp --dport 9102 -j ACCEPT
> iptables -A FORWARD -d $EXTIP -s $INTIP -p tcp --sport 9102 -j ACCEPT
> 
> Where $INTP is the Director IP and $EXTIP the client machine.
> 
> Now, that's what I tried for the storage daemon :
> iptables -A INPUT -s $INTIPSTOR -d $EXTIP -m state --state NEW,ESTABLISHED
> -m tcp -p tcp --dport 9102 -j ACCEPT
> 
> iptables -A FORWARD -s $EXTIP -d $INTIPSTOR -p tcp --sport 9101:9103 -j
> ACCEPT
> iptables -A FORWARD -d $EXTIP -s $INTIPSTOR -p tcp ---sport 9101:9103 -j
> ACCEPT
> 
> Where INTIPSTOR is the Storage daemon IP.
> 
> Unfortunately, that doesn't work and I fail to see why. Bacula says Storage
> is waiting for client to connect to the storage daemon. Would you have any
> idea ?

I think you have the storage daemon rules backwards -- the file daemon
connects to storage daemon, so you need to map ext->int for dport 9103 (not
sport and not 9102).

Note that the Director tells the file daemon to connect to the storage daemon
using the Address field in the director's Storage resource.  This needs to be
an external address (or map to one via DNS).

__Martin

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to