On 19/04/2013, at 10:22 a.m., Humphrey Bryant <hbry...@fogadaley.com> wrote:
> I'm trying to run a backup of a client behind NAT.
> What happened when you ran the backup job? Was it success/failure/hung??
>
> Why is server getting the backup of client-router instead of
> client-behind-NAT?
> Maybe because you have the client-router (public) IP as the client Address
> (assuming here); if you set up the router to port forward 9102 to the
> (private) LAN IP address of the client-behind-NAT you should get files from
> the client-behind-NAT.
>
> Try checking client status with BAT.
>
> On 04/19/2013 05:26 AM, Personal Técnico wrote:
>> Hi,
>>
>> I'm trying to run a backup of a client behind NAT. My network configuration
>> is this:
>> 1. a server with public IP --> aka server
>> 2. a client with public and private IP --> aka client-router
>> 3. a client with ONLY private IP --> aka client-behind-NAT
>> Well, what I'm trying to do is run a backup from 1 to 3, going through 2 via
>> NAT-PREROUTING. Configuration files are these:
>> In server, I have defined:
>> Client {
>>   Name = client-behind-NAT
>>   Address = client-router
>>   FDPort = 19102
>>   Catalog = Catalogo
>>   Password = "xxxx"
>> }
>> I have configured a "Run Before Job" directive in job definition:
>> Job {
>>   Name = "BackupFull-COBBLER"
>>   Client = server
>>   JobDefs = "Full_Cobbler"
>>   Write Bootstrap = "/var/bacula/cobbler"
>>   Pool = Full_COBBLER
>>   Enabled = yes
>>   Run Before Job = "/etc/bacula/scripts/check-status-client.sh '%c' '%p'"
>> }
>>
>> "check-status-client.sh" is this script:
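>> #!/bin/sh
>> # Pre-job check: is the Bacula file daemon port on the client reachable?
>> # $1 = client name (%c), $2 = pool name (%p)
>> HOST=$1
>> PORT=9102
>> # POSIX test compares strings with "=", not "=="
>> if [ "$2" = "Full_COBBLER" ]; then
>>     PORT=19102
>> fi
>> NC=/usr/bin/netcat
>> # Strip the "-fd" suffix from the client name to get the host name
>> HOST=$(echo "$HOST" | sed 's/-fd//g')
>> # -z only tests that something accepts the connection on that port
>> OUT=$("$NC" -w 20 -z "$HOST" "$PORT")
>> if [ $? -eq 0 ]; then
>>     echo "$PORT port is up"
>>     exit 0
>> else
>>     echo "$PORT port is down"
>>     exit 1
>> fi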
>>
>> What I test with this script is if bacula client is running on remote client
>> and, if running job is for client-behind-NAT, I check also pool name and, in
>> case of OK, I change remote checking port.
>> In client-router, I have added these lines to iptables:
>> *filter
>> -A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
>> -A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
>> -A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
>> -A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
>> -A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
>> -A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
>> -A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
>> -A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
>> -A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
>> -A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
>> -A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT
>> -A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT
>>
>> *nat
>> -A POSTROUTING -s 192.168.11.0/24 -o vlan100 -j MASQUERADE
>> -A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19102 -j DNAT --to client-behind-nat:19102
>> And, of course:
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>
>> Bacula-fd file configuration, on client side:
>>
>> [...]
>> FileDaemon { # this is me
>>   Name = client-router
>>   ## FDport = 19102 # where we listen for the director
>>   WorkingDirectory = /var/spool/bacula
>>   Pid Directory = /var/run
>>   Maximum Concurrent Jobs = 20
>>   FDAddresses = { ip = { addr = client-behind-NAT; port = 19102; } }
>> }
>> [...]
>>
>> With all this configuration, port checking (19102) runs OK (prerouting and
>> redirection), but when the job starts (that is to say, when bacula-fd starts
>> getting files), the server is doing a backup of client-router, instead of
>> client-behind-NAT.
>>
>> Bufff, I hope you understand my explanation...
>> Why is the server getting the backup of client-router instead of
>> client-behind-NAT?
>> Thanks a lot!!!!
>>
>>
>> ------------------------------------------------------------------------------
>> Precog is a next-generation analytics platform capable of advanced
>> analytics on semi-structured data. The platform includes APIs for building
>> apps and a phenomenal toolset for data science. Developers can use
>> our toolset for easy data analysis & visualization. Get a free account!
>> http://www2.precog.com/precogplatform/slashdotnewsletter
>>
>>
>> _______________________________________________
>> Bacula-users mailing list
>> Bacula-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
At this point, I trust you have checked the NAT settings (you should test the
iptables rules, modify your server's routing table so the client-router is a
gateway for the private network you defined, and that you have proper
hostnames, either locally with resolv.conf and such, or with DNS). I have a few
doubts:
-) If you have different network adapters in client-router, why would you add
-s server to all iptables rules? The source of the packets is not always server
-) Why is client = server defined in the job? Shouldn't it be client? ( these
names are starting to mess with me! :) )
LDC - Gustavo El Khoury
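
A static check for the kind of ruleset quoted above, as an added example that is not part of the original thread: it reports DNAT port forwards that have no FORWARD accept for the translated target, and UDP accepts that Bacula (TCP only) never uses. The names parse, in_range and audit are hypothetical, and the sample rules are constructed from the quoted ones plus a made-up 19103 forward.

```python
import shlex

# Constructed sample in iptables-save layout: three rules modelled on the quoted
# ones (wrapped lines joined) plus a made-up 19103 forward with no FORWARD rule.
RULES = """\
*filter
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
*nat
-A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19102 -j DNAT --to client-behind-nat:19102
-A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19103 -j DNAT --to client-behind-nat:9103
"""

def parse(text):
    """Return one dict per -A line: table, chain and each option with its value."""
    rules, table = [], None
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok and tok[0] == "-A":
            # Options come in flag/value pairs; "!" negation is not handled.
            rules.append({"table": table, "chain": tok[1], **dict(zip(tok[2::2], tok[3::2]))})
    return rules

def in_range(spec, port):
    """True if port falls inside an iptables port spec such as 9102 or 1024:65535."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= int(port) <= int(hi or lo)

def audit(text):
    """Return (kind, detail, detail) findings for the ruleset, in rule order."""
    rules = parse(text)
    fwd = [r for r in rules if (r["table"], r["chain"], r.get("-j")) == ("filter", "FORWARD", "ACCEPT")]
    findings = []
    for r in rules:
        if r.get("-j") == "DNAT":
            # FORWARD is evaluated after PREROUTING, so it sees the translated target.
            host, _, port = (r.get("--to-destination") or r.get("--to")).rpartition(":")
            ok = any(f.get("-p") == r.get("-p") and f.get("-i") == r.get("-i")
                     and f.get("-d", "").lower() == host.lower()
                     and in_range(f.get("--dport", "0:65535"), port) for f in fwd)
            if not ok:
                findings.append(("dnat-without-forward", r["--dport"], host + ":" + port))
        elif r.get("-p") == "udp":
            # Bacula daemons speak TCP only, so a UDP accept is unused exposure.
            findings.append(("udp-rule", r["chain"], r.get("--dport") or r.get("--sport")))
    return findings

if __name__ == "__main__": print(audit(RULES))
```

Host names are compared as text here, while iptables resolves them to addresses when the rules are loaded, so a clean result still needs confirming against the live ruleset.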