Hi,
I'm trying to run a backup of a client behind NAT. My network
configuration is this:
- a server with public IP --> aka server
- a client with public and private IP --> aka client-router
- a client with ONLY private IP --> aka client-behind-NAT
Well, what I'm trying to do is run a backup from 1 to 3, going
through 2 via NAT-PREROUTING. The configuration files are these:
On the server, I have defined:
Client {
  Name = client-behind-NAT
  Address = client-router
  FDPort = 19102
  Catalog = Catalogo
  Password = "xxxx"
}
I have configured a "Run Before Job" directive in the job
definition:
Job {
  Name = "BackupFull-COBBLER"
  Client = server
  JobDefs = "Full_Cobbler"
  Write Bootstrap = "/var/bacula/cobbler"
  Pool = Full_COBBLER
  Enabled = yes
  Run Before Job = "/etc/bacula/scripts/check-status-client.sh '%c' '%p'"
}
"check-status-client.sh" is this script:
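#!/bin/sh
# $1 = client name (%c), $2 = pool name (%p), as passed by Run Before Job
HOST=$1
PORT=9102
# POSIX test uses a single "=" for string comparison ("==" fails under sh)
if [ "$2" = "Full_COBBLER" ]; then
    PORT=19102
fi
NC=/usr/bin/netcat
# Strip the "-fd" suffix from the client name to get the host name
HOST=`echo "$HOST" | sed 's/-fd//g'`
# -z: only test that the TCP port accepts a connection; -w 20: 20 s timeout
OUT=`$NC -w 20 -z "$HOST" "$PORT"`
if [ $? -eq 0 ]; then
    echo "$PORT port is up"
    exit 0
else
    echo "$PORT port is down"
    exit 1
fi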
What I test with this script is whether the Bacula client is running
on the remote client and, if the running job is for client-behind-NAT, I
also check the pool name and, in case of OK, I change the remote
checking port.
On client-router, I have added these lines to iptables:
*filter
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9101 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
-A FORWARD -i vlan100 -o vlan10 -p udp -s server --sport 1024:65535 -d client-behind-NAT --dport 9103 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 19102 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9101 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p tcp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT
-A FORWARD -o vlan100 -i vlan10 -p udp -d server --dport 1024:65535 -s client-behind-NAT --sport 9103 -j ACCEPT
*nat
-A POSTROUTING -s 192.168.11.0/24 -o vlan100 -j MASQUERADE
-A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19102 -j DNAT --to client-behind-nat:19102
And, of course:
echo "1" > /proc/sys/net/ipv4/ip_forward
Bacula-fd file configuration, on client side:
[...]
FileDaemon { # this is me
  Name = client-router
  ## FDport = 19102 # where we listen for the director
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  FDAddresses = { ip = { addr = client-behind-NAT; port = 19102; } }
}
[...]
With all this configuration, port checking (19102) runs OK
(prerouting and redirection), but when the job starts (that is to
say, when bacula-fd starts getting files), the server is doing a
backup of client-router, instead of client-behind-NAT.
Bufff, I hope you understand my explanation...
Why is the server getting the backup of client-router instead of
client-behind-NAT?
Thanks a lot!!!!
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
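
The netcat probe in check-status-client.sh only shows that something accepts TCP connections on the port, not which host answered. The following is an added example, not part of the original post or of Bacula: it reads a ruleset in iptables-save form and reports where a connection arriving on the router for a given port is delivered. The names sample_rules and trace_port are hypothetical, the sample ruleset is constructed from three of the rules quoted above, and only DNAT targets written as host:port are handled.

```shell
#!/bin/sh
# Added example, not from the original post. sample_rules is constructed:
# three of the post's rules in iptables-save form, one rule per line.
sample_rules() {
cat <<'EOF'
*filter
-A FORWARD -i vlan100 -o vlan10 -p tcp -s server --sport 1024:65535 -d client-behind-NAT --dport 19102 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.11.0/24 -o vlan100 -j MASQUERADE
-A PREROUTING -i vlan100 -p tcp -s server -d client-router --dport 19102 -j DNAT --to client-behind-nat:19102
COMMIT
EOF
}
# trace_port IFACE DPORT < rules   (hypothetical helper)
# Exit 0: a DNAT target exists and a FORWARD ACCEPT rule covers it.
# Exit 1: no DNAT rule, so the router's own listener gets the connection.
# Exit 2: a DNAT target exists but no FORWARD ACCEPT rule covers it.
trace_port() {
    awk -v ifc="$1" -v port="$2" '
        /^\*/ { table = substr($1, 2); next }
        $1 != "-A" { next }
        {
            in_if = proto = dst = dport = jump = to = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") in_if = $(n + 1)
                if ($n == "-p") proto = $(n + 1)
                if ($n == "-d") dst = $(n + 1)
                if ($n == "--dport") dport = $(n + 1)
                if ($n == "-j") jump = $(n + 1)
                if ($n == "--to" || $n == "--to-destination") to = $(n + 1)
            }
            if (proto != "tcp") next
            # Host names compare case-insensitively, as in DNS.
            if (table == "filter" && $2 == "FORWARD" && jump == "ACCEPT")
                accept[tolower(dst) ":" dport] = 1
            if (table == "nat" && $2 == "PREROUTING" && jump == "DNAT" &&
                in_if == ifc && dport == port && target == "")
                target = to
        }
        END {
            key = tolower(target)
            if (target == "") { print "local: no DNAT for " ifc ":" port; exit 1 }
            if (key in accept) { print "forwarded to " target; exit 0 }
            print "blocked: " target " not accepted in FORWARD"; exit 2
        }'
}
sample_rules | trace_port vlan100 19102
```

On a live router the input would come from iptables-save, where host names have already been resolved to addresses.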