23.6.2011 18:49, Kevin O'Connor kirjoitti: > > > 2011/6/23 Jari Fredriksson <ja...@iki.fi <mailto:ja...@iki.fi>> > > 23.6.2011 4:28, Dan Langille kirjoitti: > > > > On Jun 22, 2011, at 9:18 PM, Kevin O'Connor wrote: > > > >> On Mon, Jun 20, 2011 at 6:55 PM, Dan Langille <d...@langille.org > <mailto:d...@langille.org>> wrote: > >> On Jun 20, 2011, at 12:11 PM, Kevin O'Connor wrote: > >>> > >>>> My setup is as follows: > >>>> > >>>> Bacula Server (DIR, SD) -> Firewall/NAT -> Server to be backed > up (FD) > >>>> > >>>> The FD is accessible from anywhere, but the DIR/SD is not (NAT/FW). > >>>> > >>>> When I start the backup, the Director connects to the FD > without a problem, but then when the Director tells the FD to > connect back to the SD it fails because of the NAT. I'm in a > situation where I can't get the ports forwarded, but it would seem > that there should be a way to have the SD connect out to the FD or > something along those lines to get this working. Is there a way to > do that that I've missed in the docs or is really the only way to > get this working is to expose the SD? > >>> > >>> No, there is not. > >>> > >>> I highly recommend OpenVPN. It simplifies a great many things. > >> > > > >> So I've followed that SSH tunneling article, but I see that the > FD on the remote server outside of the firewall is trying to connect > to 172.16.x.x, which is what the SD resolves to inside of our > network. I've followed the instructions in the article to add the > SD FQDN to /etc/hosts to make it resolve to 127.0.0.1, but somehow > this 172.16.x.x address is getting passed along. > > > > I can't comment. You didn't provide the URL to the document you > are following. Please don't expect us to search for it. :) > > > > > > What host has the SD resolve to localhost? Nobody should need that. > > > > ssh-tunnel solutions requires that on the fd machine. There sshd listens > on localhost on behalf of SD, and forwards the connection over the > tunnel. > > The document is on Bacula wiki page, and it works. I have implemented > ssh-tunneling per the document, and I have no problems. > > > The document is a little fuzzy as to what steps are required where, the > SSH tunnel should be created on the director which will then connect out > to the system to be backed up running the FD? Then the FD goes through > the tunnel that's been opened up on localhost and the traffic should be > directed to the SD port on the director? >
In my setup: 1. Director opens the SSH-tunnel, and starts listening on localhost AND client-fd 2. Director connects to the client using localhost (SSH-tunnel) 3. Client connects to the SD using it's name. /etc/hosts on FD machine declares that address as 127.0.0.1, so client connects to SD via SSH-tunnel > > >> > >> Does the Bacula Director resolve that FQDN and pass the IP along > instead of passing the FQDN? I'm talking about what's specified in > bacula-sd.conf. > >> > >> Thanks! > > > > Are you sure you have the FQDN in the Bacula config file, and not the > 172.xx IP-address? > > I have followed the same doc, and my setup just works. > > > Yeah, absolutely. There's no reference in any of my configs anywhere > (dir, sd, fd) on either machine to that IP, so it makes me think the > Director is resolving it, using that value internally, and then passing > that over the wire instead of the FQDN specified in my config. I'm > using Director 5.0.3 and FD 5.0.1 if that makes a difference. > > > -- > > The true Southern watermelon is a boon apart, and not to be > mentioned with > commoner things. It is chief of the world's luxuries, king by the grace > of God > over all the fruits of the earth. When one has tasted it, he knows > what the > angels eat. It was not a Southern watermelon that Eve took; we know it > because > she repented. > -- Mark Twain, "Pudd'nhead Wilson's Calendar" > > > > ------------------------------------------------------------------------------ > Simplify data backup and recovery for your virtual environment with > vRanger. > Installation's a snap, and flexible recovery options mean your data > is safe, > secure and there when you need it. Data protection magic? > Nope - It's vRanger. Get your free trial download today. > http://p.sf.net/sfu/quest-sfdev2dev > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > <mailto:Bacula-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/bacula-users > > > > > ------------------------------------------------------------------------------ > Simplify data backup and recovery for your virtual environment with vRanger. > Installation's a snap, and flexible recovery options mean your data is safe, > secure and there when you need it. Data protection magic? > Nope - It's vRanger. Get your free trial download today. > http://p.sf.net/sfu/quest-sfdev2dev > > > > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users -- You are going to have a new love affair.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
