Thanks for your feedback. Sounds like I didn't miss anything then. I am trying to backup clients from home networks. These users generally don't have IPSEC capable routers which stops the site-to-site idea. Your also right that I could use non-defualt ports but this would deviate from default configs and require static internal IPs or DHCP reservations both of which increase management overhead as the deployment grows.
I can see the solution plain as day with a client initiated option but I'm not so profecient as to write it. I guess the non-default ports is the way to go. Thank you again. ----- Original Message ----- From: "Julian Fahrer" <jul...@fahrer.net> To: "bacula-users" <bacula-users@lists.sourceforge.net> Sent: Tuesday, February 7, 2012 12:24:20 PM Subject: Re: [Bacula-users] FD behind NAT As you already said, you could use a site-to-site vpn. I don't know your network, but if a non-openvpn site-to-site vpn would works, I guess you could also use one openvpn instance on both sides to establish a site-to-site connection. Or you could nat multiple ports to multiple clients. For example: your offical IP is 123.123.123.123. your internal clients have the IPs 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4. You then could nat 123.123.123.123:9111 to 192.168.0.1, 123.123.123.123:9112 to 192.168.0.2, 123.123.123.123:9113 to 192.168.0.3, 123.123.123.123:9114 to 192.168.0.4 ... Personally I would definitely recommend a site-to-site vpn! Kind regards Julian -----Ursprüngliche Nachricht----- Von: Christopher Geegan [mailto:cgee...@infosecur.biz] Gesendet: Dienstag, 7. Februar 2012 18:56 An: bacula-users Betreff: [Bacula-users] FD behind NAT Forgive me if this has been asked and answered. I have a client (FD) behind NAT and I am look for ways to initiate backup jobs from the server without port forwarding on the client side. I have read numerous articles of how to resolve issues with the server (DIR/SD) being behind NAT but to me this is easy. I have even looked over the "Dealing with Firewalls" section of the manual. In order for bacula to work Dir must be able to contact FD to tell it to start the backup. Port forwarding is not an option as we have numerous clients, Linux and Windows, behind NAT and we cannot assign an external IP to each internal FD. To me this means I have to have a site-to-site VPN tunnel or clients each running OpenVPN for example. I am hoping somone can point me towards something I missed. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
