Just as a follow up, moving to 7.4.x solved the problem. The secret is FD Storage Address.
For future searchers / Googlers: The FD Storage Address is defined for a given client, and that client will then use it to send all the storage requests to. Thus: If FD Storage Address is defined for a client: a. It should show the WAN address for the firewall / border device to your network b. You must have port forwarding set appropriately Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small Business Specialist Digium Certified Asterisk Professional mich...@highpoweredhelp.com From: Wanderlei Huttel [mailto:wanderleihut...@gmail.com] Sent: Tuesday, January 26, 2016 4:32 PM To: Michael Munger Cc: bacula-users@lists.sourceforge.net Subject: Re: [Bacula-users] Remote backup through NAT? Hello Michael I'm not sure if is it possible in older versions like yours. Take a look below ------------------------------------------------------------------------------------------ New Features in 7.2.0 FD Storage Address When the Director is behind a NAT, in a WAN area, to connect to the StorageDaemon, the Director uses an ``external'' ip address, and the FileDaemon should use an ``internal'' IP address to contact the StorageDaemon. The normal way to handle this situation is to use a canonical name such as ``storage-server'' that will be resolved on the Director side as the WAN address and on the Client side as the LAN address. This is now possible to configure this parameter using the new directive FDStorageAddress in the Storage or Client resource. Storage { Name = storage1 Address = 65.1.1.1 FD Storage Address = 10.0.0.1 SD Port = 9103 ... } Client { Name = client1 Address = 65.1.1.2 FD Storage Address = 10.0.0.1 FD Port = 9102 ... } Note that using the Client FDStorageAddress directive will not allow to use multiple Storage Daemon, all Backup or Restore requests will be sent to the specified FDStorageAddress. ------------------------------------------------------------------------------------------ Bacula is already in 7.4.0 version. It's highly recommended upgrading. Best Regards Wanderlei 2016-01-26 19:00 GMT-02:00 Michael Munger <mich...@highpoweredhelp.com>: Hello everyone, this is my first time mailing this list, so guidance on etiquette is welcomed. TLDR; = I have a server outside the firewall (john-fd is on 173.165.161.165) trying to backup to a storage daemon inside my LAN (d8-sd is on 192.168.250.202). I have port forwarded (in my Monowall) tcp/9103, and I can successfully telnet from the remote server to the local sd. But, the console is forever saying: "...waiting on storage file" when I run the job. What I've done: * Scoured the docs and tutorials * Exhausted Google (and DuckDuckGo) * Confirmed The software versions are all 5.6.2 (learned that one the hard way dealing with a Windows client!) * Shutdown bacula-sd and confirmed telnet no longer connects, and when I restart bacula-sd it DOES connect. * shutdown the firewall (everywhere - for testing) no joy * opened 9101 and 9102 on our firewall and forwarded them to 192.168.250.202 just in case any bacula service wants to communicate. * used netstat -tanop to watch the telnet connections come in from the remote server to confirm that NAT is working properly. What I think is going on: D8-FD (the file director on the server where bacula-sd, the pools, and volumes reside) can connect to the remote server, and can issue commands to run the backup job. But, when the remote fd tries to connect back (through the firewall from "outside -> in") to the storage daemon, it's failing - despite the fact that the NAT is setup properly, and I can telnet through it. That doesn't make sense to me because it should either work or be broken. So, I'm thinking that if I can telnet to it, then the remote fd should also be able to work with it. Nmap also shows the port as open and reachable. How else can I troubleshoot this "waiting on storage" problem? PS. I am about 18 hours in to working with Bacula. Fantastic product, but don't be afraid to assume I have missed something rudimentary. I have two machines on the LAN working and backing up, so I have had some success, but it's still possible I've missed something simple... Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small Business Specialist Digium Certified Asterisk Professional mich...@highpoweredhelp.com ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users