2011/6/23 Jari Fredriksson <ja...@iki.fi>
> 23.6.2011 4:28, Dan Langille kirjoitti:
> >
> > On Jun 22, 2011, at 9:18 PM, Kevin O'Connor wrote:
> >
> >> On Mon, Jun 20, 2011 at 6:55 PM, Dan Langille <d...@langille.org> wrote:
> >> On Jun 20, 2011, at 12:11 PM, Kevin O'Connor wrote:
> >>>
> >>>> My setup is as follows:
> >>>>
> >>>> Bacula Server (DIR, SD) -> Firewall/NAT -> Server to be backed up (FD)
> >>>>
> >>>> The FD is accessible from anywhere, but the DIR/SD is not (NAT/FW).
> >>>>
> >>>> When I start the backup, the Director connects to the FD without a
> problem, but then when the Director tells the FD to connect back to the SD
> it fails because of the NAT. I'm in a situation where I can't get the ports
> forwarded, but it would seem that there should be a way to have the SD
> connect out to the FD or something along those lines to get this working.
> Is there a way to do that that I've missed in the docs or is really the
> only way to get this working is to expose the SD?
> >>>
> >>> No, there is not.
> >>>
> >>> I highly recommend OpenVPN. It simplifies a great many things.
> >>
> >
> >> So I've followed that SSH tunneling article, but I see that the FD on
> the remote server outside of the firewall is trying to connect to
> 172.16.x.x, which is what the SD resolves to inside of our network. I've
> followed the instructions in the article to add the SD FQDN to /etc/hosts to
> make it resolve to 127.0.0.1, but somehow this 172.16.x.x address is getting
> passed along.
> >
> > I can't comment. You didn't provide the URL to the document you are
> following. Please don't expect us to search for it. :)
> >
> >
> > What host has the SD resolve to localhost? Nobody should need that.
> >
>
> ssh-tunnel solutions requires that on the fd machine. There sshd listens
> on localhost on behalf of SD, and forwards the connection over the tunnel.
>
> The document is on Bacula wiki page, and it works. I have implemented
> ssh-tunneling per the document, and I have no problems.
>
The document is a little fuzzy as to what steps are required where, the SSH
tunnel should be created on the director which will then connect out to the
system to be backed up running the FD? Then the FD goes through the tunnel
that's been opened up on localhost and the traffic should be directed to the
SD port on the director?
>
> >>
> >> Does the Bacula Director resolve that FQDN and pass the IP along instead
> of passing the FQDN? I'm talking about what's specified in bacula-sd.conf.
> >>
> >> Thanks!
> >
>
> Are you sure you have the FQDN in the Bacula config file, and not the
> 172.xx IP-address?
>
> I have followed the same doc, and my setup just works.
>
Yeah, absolutely. There's no reference in any of my configs anywhere (dir,
sd, fd) on either machine to that IP, so it makes me think the Director is
resolving it, using that value internally, and then passing that over the
wire instead of the FQDN specified in my config. I'm using Director 5.0.3
and FD 5.0.1 if that makes a difference.
>
> --
>
> The true Southern watermelon is a boon apart, and not to be mentioned with
> commoner things. It is chief of the world's luxuries, king by the grace
> of God
> over all the fruits of the earth. When one has tasted it, he knows what
> the
> angels eat. It was not a Southern watermelon that Eve took; we know it
> because
> she repented.
> -- Mark Twain, "Pudd'nhead Wilson's Calendar"
>
>
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with
> vRanger.
> Installation's a snap, and flexible recovery options mean your data is
> safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
>
------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today.
http://p.sf.net/sfu/quest-sfdev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
