Gabriel - IP Guys wrote: > > > Dear All, > > > > I need some fresh eyes on this at the moment. I made this entry in the > firewall scripts of my Linux servers which will be running some > component of Bacula > > > > iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9101:9103 > -j ACCEPT > > > > I will add the source directive when I'm looking it all down, will this > line in the firewall of all clients will allow bacula to work correctly? > For some reason, I am having issues getting this to work, the > configuration is fine, because it can backup and communicate locally > with no issues. Any tips would be appreciated. Thank you > > --- > > Kind Regards, > > Mr Gabriel
If I'm not mistaken, you need to tell iptables to DNAT the traffic. You will also need to tell iptables to allow the traffic. my example may/may not work exactly for you, but it should get you going in the right direction. iptables -A wan_dnat_chain -d $EXTERNALIP -p tcp -m tcp --dport 9103 -j DNAT --to-destination $BACULAHOST iptables -A wan_to_lan_chain -d $BACULAHOST -p tcp -m tcp --dport 9103 -m conntrack --ctorigdst $EXTERNALIP -j ACCEPT hope this helps. Terry ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
