Re: [Bacula-users] Bacula client behind NAT

Fri, 19 Apr 2013 07:56:01 -0700 

/I'm trying to run a backup of a client behind NAT/.
What happened when you run a backup job was it success/failure/hanged??
/Why is server getting the backup of client-router instead of client-behind-NAT?/ Maybe because you have the _*client-router *_ (public) IP as the client Address (assuming here); if you setup the router to port forward 9102 to the (private) LAN IP address of the _*client-behind-NAT*_ you should get files from the _*client-behind-NAT*_. 

Try checking client status with BAT.

On 04/19/2013 05:26 AM, Personal Técnico wrote:

Hi,
I'm trying to run a backup of a client behind NAT. My network configuration is this: 

 1. a server with public IP --> aka _*server*_
 2. a client with public and private IP --> aka _*client-router*_
 3. a client with ONLY private IP --> aka _*client-behind-NAT*_
Well, what I'm trying is run a backup from 1 to 3, going through 2 via NAT-PREROUTING. Configuration files are these: 

In server, I have defined:

    Client {
      Name = _*client-behind-NAT*_
      Address = _*client-router*_
      FDPort = _*19102*_
      Catalog = Catalogo
      Password = "xxxx"
    }

I have configured a "Run Before Job" directive in job definition:

    Job {
      Name = "BackupFull-COBBLER"
      Client = server
      JobDefs = "Full_Cobbler"
      Write Bootstrap = "/var/bacula/cobbler"
      Pool = Full_COBBLER
      Enabled = yes
      Run Before Job = "/etc/bacula/scripts/check-status-client.sh
    '%c' '%p'"
    }


"check-status-client.sh" is this script:

    #!/bin/sh
    HOST=$1
    PORT=9102
    if [ "$2" == "Full_COBBLER" ]; then
            PORT=19102
    fi
    NC=/usr/bin/netcat
    HOST=`echo $HOST | sed 's/-fd//g'`
    OUT=`$NC -w 20 -z $HOST $PORT`
    if [ $? -eq 0 ]; then
            echo "$PORT port is up"
            exit 0
    else
            echo "$PORT port is down"
            exit 1
    fi
What I test with this script is if bacula client is running on remote client and, if running job is for client-behind-NAT, I check also pool name and, in case of OK, I change remote checking port. 

In client-router, I have added this lines to iptables:

    * filter
    -A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport
    1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
    -A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport
    1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
    -A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport
    1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
    -A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport
    1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
    -A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport
    1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
    -A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport
    1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
    -A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport
    1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
    -A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport
    1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
    -A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport
    1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
    -A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport
    1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
    -A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport
    1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT
    -A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport
    1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT

    *nat
    -A POSTROUTING -s 192.168.11.0/24 -o vlan100 -j MASQUERADE
    -A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport
    19102 -j DNAT --to client-behind-nat:19102

And, of couse:

    echo "1" > /proc/sys/net/ipv4/ip_forward


Bacula-fd file configuration, on client side:

    [...]
    FileDaemon {                          # this is me
      Name = client-router
     ## FDport = 19102                  # where we listen for the director
      WorkingDirectory = /var/spool/bacula
      Pid Directory = /var/run
      Maximum Concurrent Jobs = 20
      FDAddresses = { ip = { addr = client-behind-NAT; port = 19102; } }
    }
    [...]
With all this configuration, port checking (19102) runs OK (prerouting and redirection), but when jobs starts (it's to say, when bacula-fd starts getting files), server is doing a backup of client-router, instead of client-behind-NAT. 


Bufff, I hope you understand my explanation...
Why is server getting the backup of client-router instead of client-behind-NAT? 

Thank a lot!!!!



------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter


_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

<<attachment: hbryant.vcf>>

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to