All -
After using Bacula for almost a year, I'm having to make some configuration
changes due to network topology and firewalls.
The situation is this: The network server is behind a firewall. The clients
I'm trying to back up are on the "other side" of the firewall (a DMZ of
sorts). The network server can connect to any of the clients it wants to, but
the clients cannot connect back behind the firewall, thus cannot make the
connection back to the backup server. So, I thought I'd try SSH tunneling.
I modified the example ssh-tunnel script a bit, and here is my command line:

    /usr/bin/ssh -fnCN2 -o PreferredAuthentications=publickey \
        -i /usr/local/bacula/ssh/id_dsa -l $USER -R 9101:$LOCAL:9101 \
        -R 9103:$LOCAL:9103 $CLIENT

The $USER is replaced with bacula (a valid account), $CLIENT is replaced with
the client's FQDN, and $LOCAL is replaced with the FQDN of the backup server,
and all this is run from a "Run Before Job" directive for the client.
Here is my storage resource that I use for clients on the other side of the
firewall. It is identical to my regular storage resource, but uses localhost
as the address so the clients will connect to localhost:9103.

Storage {
  Name = herodotus-sd-ops
  Address = localhost
  SDPort = 9103
  Password = "apasswordgoeshere"
  Device = AdicFastStor22
  Media Type = DLT8000
  Autochanger = yes
  Maximum Concurrent Jobs = 30
}

When I fire off the job, messages reports that the ssh-tunnel script completed
successfully, and I can see the ports listening on the clients. However,
things just hang from there.
Director status shows job running.
Client status shows no job running.
Storage status shows no job running.
Netstat shows no new connections on either side.
Messages never gives the "12-Dec 16:42 herodotus-dir: Start Backup JobId ....,
Job=...."
I can even connect to localhost:9103 (on the client), type a few characters,
and it will disconnect me, just as it would if connected directly to the
server and did that.
BUT!! When I kill the tunnel, then, and only then, the "Start Backup" message
appears, but of course it just hangs because the client can't contact the
server because the tunnel is down. I then have to cancel the backup job.
When I do, SD termination status says "Waiting on FD."
I'm sure it's something sadly simple, but I have been messing with this for
the better part of 4 hours, and I still can't figure out what I am doing
wrong. Can anyone offer any tips? When I figure this out, I'll write up a
section for the manual so we'll have something more for ssh tunneling than
just "Please see the script..." which isn't very helpful to someone
unacquainted with the intricacies of ssh tunneling, key-gen/key usage, etc.
Any help would be great! Thanks!
j----- k-----
--
Joshua Kugler
CDE System Administrator
http://distance.uaf.edu/
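
The listener check mentioned in the message above ("I can see the ports listening on the clients"), as an added example that is not part of the original post and not Bacula's own script: it confirms that both reverse-forwarded ports (9101 and 9103) are listening on the client and bound to loopback only. It assumes Linux `netstat -ltn` style output; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the ssh -R listeners for the Bacula ports on the client.
# sshd binds remote forwards to loopback unless GatewayPorts is enabled, so a
# listener on any other address means the tunnel is reachable from the network.

# check_tunnel_listeners "PORT PORT ..." < output of `netstat -ltn`
# Prints one status line per port; returns 0 only if every port is
# listening on loopback and nowhere else.
check_tunnel_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, want, " ") }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # text before the port
            for (i = 1; i <= n; i++) if (port == want[i]) {
                seen[port] = 1
                if (host != "127.0.0.1" && host != "::1") exposed[port] = 1
            }
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in seen))      { print p ": missing"; rc = 1 }
                else if (p in exposed) { print p ": exposed"; rc = 1 }
                else                   { print p ": loopback" }
            }
            exit rc
        }'
}

# Constructed sample of `netstat -ltn` on a client with the tunnel up.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9101          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9103          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:9101                :::*                    LISTEN
tcp6       0      0 ::1:9103                :::*                    LISTEN
EOF
}

sample_netstat | check_tunnel_listeners "9101 9103"
```

On a real client, feed it live data with `netstat -ltn | check_tunnel_listeners "9101 9103"`.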