From: Arno L. <al...@it...> - 2007-06-18 09:49:32
Hi,

On 6/16/2007 6:14 PM, Jean-François Leroux wrote:
> Hi,
> I'm trying to back up a server in an external zone.
>
> Here's my setup:
>
> Director is in machine located in the private network. Storage is (disk)
> on another machine in the private network. Client is a machine in the
> external lan. In between, there is another machine (let's call it FW for
> instance) with an iptables script.
...
> Now, that's what I tried for the storage daemon:
> iptables -A INPUT -s $INTIPSTOR -d $EXTIP -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 9102 -j ACCEPT
>
> iptables -A FORWARD -s $EXTIP -d $INTIPSTOR -p tcp --sport 9101:9103 -j ACCEPT
> iptables -A FORWARD -d $EXTIP -s $INTIPSTOR -p tcp --sport 9101:9103 -j ACCEPT
>
> Where INTIPSTOR is the Storage daemon IP.
>
> Unfortunately, that doesn't work and I fail to see why. Bacula says
> Storage is waiting for client to connect to the storage daemon. Would
> you have any idea?

I haven't verified this, but it might help to allow connections from the
FD on extip to INTIP port 9103. If I understand your setup correctly,
you allow connections from EXTIP:9101-9103, but I guess the FD will not
necessarily use that source port range.

> PS: of course, I have tried with machines in the internal zone and that
> works fine, so I guess there is something I don't get in the
> interactions between firewall and bacula.

Well, just observe from what port the FD initiates its connection to the
SD...

> Thanks for your ideas :)

Hope it helps,

Arno

-- 
IT-Service Lehmann al...@it...
Arno Lehmann http://www.its-lehmann.de
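
The source-port versus destination-port point in the reply above can be checked with a small first-match model of the two quoted FORWARD rules. This is an added example, not part of the original thread or of Bacula; the addresses are constructed, the `Rule` class and helper functions are hypothetical, and a default FORWARD policy of DROP is assumed.

```python
# Added illustration: first-match evaluation of the FORWARD rules quoted above.
# Addresses are constructed (documentation ranges); policy DROP is an assumption.
from dataclasses import dataclass

EXTIP = "203.0.113.10"      # constructed: client (FD) in the external zone
INTIPSTOR = "192.0.2.20"    # constructed: Storage daemon in the private network
SD_PORT = 9103              # Bacula's default Storage daemon port

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    sport: tuple = None     # inclusive (low, high), or None for "any port"
    dport: tuple = None

    def matches(self, pkt):
        def in_range(port, rng):
            return rng is None or rng[0] <= port <= rng[1]
        return (pkt["src"] == self.src and pkt["dst"] == self.dst
                and in_range(pkt["sport"], self.sport)
                and in_range(pkt["dport"], self.dport))

def forward_verdict(rules, pkt, policy="DROP"):
    """ACCEPT if any rule matches (all rules here are ACCEPT), else the policy."""
    return "ACCEPT" if any(r.matches(pkt) for r in rules) else policy

# The two FORWARD rules from the quoted script: both match on --sport only.
ORIGINAL = [
    Rule(EXTIP, INTIPSTOR, sport=(9101, 9103)),
    Rule(INTIPSTOR, EXTIP, sport=(9101, 9103)),
]
# Suggested addition, equivalent to:
#   iptables -A FORWARD -s $EXTIP -d $INTIPSTOR -p tcp --dport 9103 -j ACCEPT
SUGGESTED = ORIGINAL + [Rule(EXTIP, INTIPSTOR, dport=(SD_PORT, SD_PORT))]

def fd_to_sd(sport):
    """Packet from the FD (arbitrary source port) to the SD listener."""
    return {"src": EXTIP, "dst": INTIPSTOR, "sport": sport, "dport": SD_PORT}

def sd_to_fd(fd_port):
    """Reply packet from the SD back to the FD's source port."""
    return {"src": INTIPSTOR, "dst": EXTIP, "sport": SD_PORT, "dport": fd_port}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "FD:45678 -> SD:9103", forward_verdict(rules, fd_to_sd(45678)))
        print(name, "SD:9103 -> FD:45678", forward_verdict(rules, sd_to_fd(45678)))
```

With the original rules only the SD's replies (source port 9103) are accepted; the FD's opening packet from an ephemeral port matches nothing, which is consistent with the Storage daemon waiting for the client to connect.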