Re: [Bacula-users] Remote backup through NAT?
This is REALLY helpful.
I have it working on some public services that are physically attached to our
network, so I haven't enabled SSL (because it never leaves the office), but my
next step is to do it with some remote datacenter boxes, and the SSL configs
you have just sent are invaluable time savers. Thanks!
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com
-Original Message-
From: Wesley Render [mailto:wren...@otherdata.com]
Sent: Wednesday, January 27, 2016 4:21 PM
To: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Remote backup through NAT?
I had a lot of problems getting my setup to work over NAT too. If you want
email me directly and I can provide my full configs/help out. I think what
ended up fixing it for me was updating all of the Bacula components to 7.2.0.
I had a real struggle trying to get it to work with 5.x too.
Here is what I would recommend:
- For consistency make sure you are running all Bacula 7.2.0 on all computers.
(Not sure if this is possible for Microsoft Windows Clients)
- On your firewall for the internal lan where your bacula server and storage
daemon is. Open/Forward ports 9101-9103.
- In your bacula server for the "client" definition, make sure the
"Address" is that of the public IP, or hostname of the client server.
Mine looks like this:
# On the Bacula Server #
Client {
Name = web221.mydomain.com-fd
Password = mypassword
Address = web221.mydomain.com
FDPort = 9102
Catalog = MyCatalog
File Retention = 30 days
Job Retention = 6 months
TLS Enable = yes
TLS Require = yes
TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
TLS CA Certificate File = /etc/bacula/certs/cacert.pem AutoPrune = yes }
- On the client's bacula-fd.conf mine looks like this:
# On the Linux Client #
Director {
Name = bacula-dir
Password = mypassword
TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
TLS CA Certificate File = /etc/bacula/certs/cacert.pem
TLS Enable = yes
TLS Require = yes
}
FileDaemon {
Name = web221.mydomain.com-fd
FDport = 9102
WorkingDirectory = /var/spool/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
# Plugin Directory = /usr/lib64/bacula
TLS Enable = yes
TLS Require = yes
TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
TLS CA Certificate File = /etc/bacula/certs/cacert.pem
PKI Signatures = Yes# Enable Data Signing
PKI Encryption = Yes# Enable Data Encryption
PKI Keypair =
"/etc/bacula/bacula_disk_keys/fd-web221.mydomain.com.pem"# Public
and Private Keys
PKI Master Key = "/etc/bacula/bacula_disk_keys/master.cert"#
ONLY the Public Key
}
--
Wesley Render, Consultant
OtherData
www.otherdata.com
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Remote backup through NAT?
I had a lot of problems getting my setup to work over NAT too. If you
want email me directly and I can provide my full configs/help out. I
think what ended up fixing it for me was updating all of the Bacula
components to 7.2.0. I had a real struggle trying to get it to work
with 5.x too.
Here is what I would recommend:
- For consistency make sure you are running all Bacula 7.2.0 on all
computers. (Not sure if this is possible for Microsoft Windows Clients)
- On your firewall for the internal lan where your bacula server and
storage daemon is. Open/Forward ports 9101-9103.
- In your bacula server for the "client" definition, make sure the
"Address" is that of the public IP, or hostname of the client server.
Mine looks like this:
# On the Bacula Server #
Client {
Name = web221.mydomain.com-fd
Password = mypassword
Address = web221.mydomain.com
FDPort = 9102
Catalog = MyCatalog
File Retention = 30 days
Job Retention = 6 months
TLS Enable = yes
TLS Require = yes
TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
TLS CA Certificate File = /etc/bacula/certs/cacert.pem
AutoPrune = yes
}
- On the client's bacula-fd.conf mine looks like this:
# On the Linux Client #
Director {
Name = bacula-dir
Password = mypassword
TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
TLS CA Certificate File = /etc/bacula/certs/cacert.pem
TLS Enable = yes
TLS Require = yes
}
FileDaemon {
Name = web221.mydomain.com-fd
FDport = 9102
WorkingDirectory = /var/spool/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
# Plugin Directory = /usr/lib64/bacula
TLS Enable = yes
TLS Require = yes
TLS Certificate = /etc/bacula/certs/web221.mydomain.com.crt
TLS Key = /etc/bacula/certs/web221.mydomain.com-daemon.key
TLS CA Certificate File = /etc/bacula/certs/cacert.pem
PKI Signatures = Yes# Enable Data Signing
PKI Encryption = Yes# Enable Data Encryption
PKI Keypair =
"/etc/bacula/bacula_disk_keys/fd-web221.mydomain.com.pem"# Public
and Private Keys
PKI Master Key = "/etc/bacula/bacula_disk_keys/master.cert"#
ONLY the Public Key
}
--
Wesley Render, Consultant
OtherData
www.otherdata.com
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Remote backup through NAT?
Just as a follow up, moving to 7.4.x solved the problem. The secret is FD
Storage Address.
For future searchers / Googlers:
The FD Storage Address is defined for a given client, and that client will
then use it to send all the storage requests to.
Thus:
If FD Storage Address is defined for a client:
a. It should show the WAN address for the firewall / border device to
your network
b. You must have port forwarding set appropriately
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com
From: Wanderlei Huttel [mailto:wanderleihut...@gmail.com]
Sent: Tuesday, January 26, 2016 4:32 PM
To: Michael Munger
Cc: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Remote backup through NAT?
Hello Michael
I'm not sure if is it possible in older versions like yours.
Take a look below
--
New Features in 7.2.0
FD Storage Address
When the Director is behind a NAT, in a WAN area, to connect to the
StorageDaemon, the Director uses an ``external'' ip address, and the FileDaemon
should use an ``internal'' IP address to contact the StorageDaemon.
The normal way to handle this situation is to use a canonical name such as
``storage-server'' that will be resolved on the Director side as the WAN
address and on the Client side as the LAN address. This is now possible to
configure this parameter using the new directive FDStorageAddress in the
Storage or Client resource.
Storage {
Name = storage1
Address = 65.1.1.1
FD Storage Address = 10.0.0.1
SD Port = 9103
...
}
Client {
Name = client1
Address = 65.1.1.2
FD Storage Address = 10.0.0.1
FD Port = 9102
...
}
Note that using the Client FDStorageAddress directive will not allow to use
multiple Storage Daemon, all Backup or Restore requests will be sent to the
specified FDStorageAddress.
--
Bacula is already in 7.4.0 version.
It's highly recommended upgrading.
Best Regards
Wanderlei
2016-01-26 19:00 GMT-02:00 Michael Munger :
Hello everyone, this is my first time mailing this list, so guidance on
etiquette is welcomed.
TLDR; = I have a server outside the firewall (john-fd is on 173.165.161.165)
trying to backup to a storage daemon inside my LAN (d8-sd is on
192.168.250.202). I have port forwarded (in my Monowall) tcp/9103, and I can
successfully telnet from the remote server to the local sd. But, the console is
forever saying: "...waiting on storage file" when I run the job.
What I've done:
* Scoured the docs and tutorials
* Exhausted Google (and DuckDuckGo)
* Confirmed The software versions are all 5.6.2 (learned that one the hard way
dealing with a Windows client!)
* Shutdown bacula-sd and confirmed telnet no longer connects, and when I
restart bacula-sd it DOES connect.
* shutdown the firewall (everywhere - for testing) no joy
* opened 9101 and 9102 on our firewall and forwarded them to 192.168.250.202
just in case any bacula service wants to communicate.
* used netstat -tanop to watch the telnet connections come in from the remote
server to confirm that NAT is working properly.
What I think is going on:
D8-FD (the file director on the server where bacula-sd, the pools, and volumes
reside) can connect to the remote server, and can issue commands to run the
backup job. But, when the remote fd tries to connect back (through the firewall
from "outside -> in") to the storage daemon, it's failing - despite the fact
that the NAT is setup properly, and I can telnet through it.
That doesn't make sense to me because it should either work or be broken. So,
I'm thinking that if I can telnet to it, then the remote fd should also be able
to work with it. Nmap also shows the port as open and reachable.
How else can I troubleshoot this "waiting on storage" problem?
PS. I am about 18 hours in to working with Bacula. Fantastic product, but don't
be afraid to assume I have missed something rudimentary. I have two machines on
the LAN working and backing up, so I have had some success, but it's still
possible I've missed something simple...
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Re: [Bacula-users] Remote backup through NAT?
On 1/26/2016 5:08 PM, Michael Munger wrote:
Wanderlei:
Thanks for the reply!
I’ll upgrade. I was just using the Debian repo versions because that
was what was there.
I already had to downgrade the Windows client because it wouldn’t
connect to 5.6.2.
So, now, I’ll re-upgrade everything to 7.4
That's a good idea in any case. As for the remote server to be backed
up, I have had good results using OpenVPN tunneling. This allows the
remote server to be assigned an IP on the SD's LAN. To both SD and DIR
the remote server appears to be a local machine, and in addition the
traffic is already encrypted and requires no TLS setup in Bacula.
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com <mailto:mich...@highpoweredhelp.com>
*From:*Wanderlei Huttel [mailto:wanderleihut...@gmail.com]
*Sent:* Tuesday, January 26, 2016 4:32 PM
*To:* Michael Munger
*Cc:* bacula-users@lists.sourceforge.net
*Subject:* Re: [Bacula-users] Remote backup through NAT?
Hello Michael
I'm not sure if is it possible in older versions like yours.
Take a look below
--
New Features in 7.2.0
FD Storage Address
When the Director is behind a NAT, in a WAN area, to connect to the
StorageDaemon, the Director uses an ``external'' ip address, and the
FileDaemon should use an ``internal'' IP address to contact the
StorageDaemon.
The normal way to handle this situation is to use a canonical name
such as ``storage-server'' that will be resolved on the Director side
as the WAN address and on the Client side as the LAN address. This is
now possible to configure this parameter using the new directive
FDStorageAddress in the Storage or Client resource.
Storage {
Name = storage1
Address = 65.1.1.1
FD Storage Address = 10.0.0.1
SD Port = 9103
...
}
Client {
Name = client1
Address = 65.1.1.2
FD Storage Address = 10.0.0.1
FD Port = 9102
...
}
Note that using the Client FDStorageAddress directive will not allow
to use multiple Storage Daemon, all Backup or Restore requests will be
sent to the specified FDStorageAddress.
--
Bacula is already in 7.4.0 version.
It's highly recommended upgrading.
Best Regards
Wanderlei
2016-01-26 19:00 GMT-02:00 Michael Munger <mailto:mich...@highpoweredhelp.com>>:
Hello everyone, this is my first time mailing this list, so guidance
on etiquette is welcomed.
TLDR; = I have a server outside the firewall (john-fd is on
173.165.161.165) trying to backup to a storage daemon inside my LAN
(d8-sd is on 192.168.250.202). I have port forwarded (in my Monowall)
tcp/9103, and I can successfully telnet from the remote server to the
local sd. But, the console is forever saying: "...waiting on storage
file" when I run the job.
What I've done:
* Scoured the docs and tutorials
* Exhausted Google (and DuckDuckGo)
* Confirmed The software versions are all 5.6.2 (learned that one the
hard way dealing with a Windows client!)
* Shutdown bacula-sd and confirmed telnet no longer connects, and when
I restart bacula-sd it DOES connect.
* shutdown the firewall (everywhere - for testing) no joy
* opened 9101 and 9102 on our firewall and forwarded them to
192.168.250.202 just in case any bacula service wants to communicate.
* used netstat -tanop to watch the telnet connections come in from the
remote server to confirm that NAT is working properly.
What I think is going on:
D8-FD (the file director on the server where bacula-sd, the pools, and
volumes reside) can connect to the remote server, and can issue
commands to run the backup job. But, when the remote fd tries to
connect back (through the firewall from "outside -> in") to the
storage daemon, it's failing - despite the fact that the NAT is setup
properly, and I can telnet through it.
That doesn't make sense to me because it should either work or be
broken. So, I'm thinking that if I can telnet to it, then the remote
fd should also be able to work with it. Nmap also shows the port as
open and reachable.
How else can I troubleshoot this "waiting on storage" problem?
PS. I am about 18 hours in to working with Bacula. Fantastic product,
but don't be afraid to assume I have missed something rudimentary. I
have two machines on the LAN working and backing up, so I have had
some success, but it's still possible I've missed something simple...
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certi
Re: [Bacula-users] Remote backup through NAT?
Wanderlei:
Thanks for the reply!
I’ll upgrade. I was just using the Debian repo versions because that was what
was there.
I already had to downgrade the Windows client because it wouldn’t connect to
5.6.2.
So, now, I’ll re-upgrade everything to 7.4
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com<mailto:mich...@highpoweredhelp.com>
From: Wanderlei Huttel [mailto:wanderleihut...@gmail.com]
Sent: Tuesday, January 26, 2016 4:32 PM
To: Michael Munger
Cc: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Remote backup through NAT?
Hello Michael
I'm not sure if is it possible in older versions like yours.
Take a look below
--
New Features in 7.2.0
FD Storage Address
When the Director is behind a NAT, in a WAN area, to connect to the
StorageDaemon, the Director uses an ``external'' ip address, and the FileDaemon
should use an ``internal'' IP address to contact the StorageDaemon.
The normal way to handle this situation is to use a canonical name such as
``storage-server'' that will be resolved on the Director side as the WAN
address and on the Client side as the LAN address. This is now possible to
configure this parameter using the new directive FDStorageAddress in the
Storage or Client resource.
Storage {
Name = storage1
Address = 65.1.1.1
FD Storage Address = 10.0.0.1
SD Port = 9103
...
}
Client {
Name = client1
Address = 65.1.1.2
FD Storage Address = 10.0.0.1
FD Port = 9102
...
}
Note that using the Client FDStorageAddress directive will not allow to use
multiple Storage Daemon, all Backup or Restore requests will be sent to the
specified FDStorageAddress.
--
Bacula is already in 7.4.0 version.
It's highly recommended upgrading.
Best Regards
Wanderlei
2016-01-26 19:00 GMT-02:00 Michael Munger
mailto:mich...@highpoweredhelp.com>>:
Hello everyone, this is my first time mailing this list, so guidance on
etiquette is welcomed.
TLDR; = I have a server outside the firewall (john-fd is on 173.165.161.165)
trying to backup to a storage daemon inside my LAN (d8-sd is on
192.168.250.202). I have port forwarded (in my Monowall) tcp/9103, and I can
successfully telnet from the remote server to the local sd. But, the console is
forever saying: "...waiting on storage file" when I run the job.
What I've done:
* Scoured the docs and tutorials
* Exhausted Google (and DuckDuckGo)
* Confirmed The software versions are all 5.6.2 (learned that one the hard way
dealing with a Windows client!)
* Shutdown bacula-sd and confirmed telnet no longer connects, and when I
restart bacula-sd it DOES connect.
* shutdown the firewall (everywhere - for testing) no joy
* opened 9101 and 9102 on our firewall and forwarded them to 192.168.250.202
just in case any bacula service wants to communicate.
* used netstat -tanop to watch the telnet connections come in from the remote
server to confirm that NAT is working properly.
What I think is going on:
D8-FD (the file director on the server where bacula-sd, the pools, and volumes
reside) can connect to the remote server, and can issue commands to run the
backup job. But, when the remote fd tries to connect back (through the firewall
from "outside -> in") to the storage daemon, it's failing - despite the fact
that the NAT is setup properly, and I can telnet through it.
That doesn't make sense to me because it should either work or be broken. So,
I'm thinking that if I can telnet to it, then the remote fd should also be able
to work with it. Nmap also shows the port as open and reachable.
How else can I troubleshoot this "waiting on storage" problem?
PS. I am about 18 hours in to working with Bacula. Fantastic product, but don't
be afraid to assume I have missed something rudimentary. I have two machines on
the LAN working and backing up, so I have had some success, but it's still
possible I've missed something simple...
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com<mailto:mich...@highpoweredhelp.com>
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.dou
Re: [Bacula-users] Remote backup through NAT?
Hello Michael
I'm not sure if is it possible in older versions like yours.
Take a look below
--
New Features in 7.2.0
FD Storage Address
When the Director is behind a NAT, in a WAN area, to connect to the
StorageDaemon, the Director uses an ``external'' ip address, and the
FileDaemon should use an ``internal'' IP address to contact the
StorageDaemon.
The normal way to handle this situation is to use a canonical name such as
``storage-server'' that will be resolved on the Director side as the WAN
address and on the Client side as the LAN address. This is now possible to
configure this parameter using the new directive FDStorageAddress in the
Storage or Client resource.
Storage {
Name = storage1
Address = 65.1.1.1
FD Storage Address = 10.0.0.1
SD Port = 9103
...
}
Client {
Name = client1
Address = 65.1.1.2
FD Storage Address = 10.0.0.1
FD Port = 9102
...
}
Note that using the Client FDStorageAddress directive will not allow to use
multiple Storage Daemon, all Backup or Restore requests will be sent to the
specified FDStorageAddress.
--
Bacula is already in 7.4.0 version.
It's highly recommended upgrading.
Best Regards
Wanderlei
2016-01-26 19:00 GMT-02:00 Michael Munger :
> Hello everyone, this is my first time mailing this list, so guidance on
> etiquette is welcomed.
>
> TLDR; = I have a server outside the firewall (john-fd is on
> 173.165.161.165) trying to backup to a storage daemon inside my LAN (d8-sd
> is on 192.168.250.202). I have port forwarded (in my Monowall) tcp/9103,
> and I can successfully telnet from the remote server to the local sd. But,
> the console is forever saying: "...waiting on storage file" when I run the
> job.
>
> What I've done:
> * Scoured the docs and tutorials
> * Exhausted Google (and DuckDuckGo)
> * Confirmed The software versions are all 5.6.2 (learned that one the hard
> way dealing with a Windows client!)
> * Shutdown bacula-sd and confirmed telnet no longer connects, and when I
> restart bacula-sd it DOES connect.
> * shutdown the firewall (everywhere - for testing) no joy
> * opened 9101 and 9102 on our firewall and forwarded them to
> 192.168.250.202 just in case any bacula service wants to communicate.
> * used netstat -tanop to watch the telnet connections come in from the
> remote server to confirm that NAT is working properly.
>
> What I think is going on:
> D8-FD (the file director on the server where bacula-sd, the pools, and
> volumes reside) can connect to the remote server, and can issue commands to
> run the backup job. But, when the remote fd tries to connect back (through
> the firewall from "outside -> in") to the storage daemon, it's failing -
> despite the fact that the NAT is setup properly, and I can telnet through
> it.
>
> That doesn't make sense to me because it should either work or be broken.
> So, I'm thinking that if I can telnet to it, then the remote fd should also
> be able to work with it. Nmap also shows the port as open and reachable.
>
> How else can I troubleshoot this "waiting on storage" problem?
>
> PS. I am about 18 hours in to working with Bacula. Fantastic product, but
> don't be afraid to assume I have missed something rudimentary. I have two
> machines on the LAN working and backing up, so I have had some success, but
> it's still possible I've missed something simple...
>
> Michael Munger, dCAP, MCPS, MCNPS, MBSS
> High Powered Help, Inc.
> Microsoft Certified Professional
> Microsoft Certified Small Business Specialist
> Digium Certified Asterisk Professional
> mich...@highpoweredhelp.com
>
>
>
> --
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> ___
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Remote backup through NAT?
Hello everyone, this is my first time mailing this list, so guidance on etiquette is welcomed. TLDR; = I have a server outside the firewall (john-fd is on 173.165.161.165) trying to backup to a storage daemon inside my LAN (d8-sd is on 192.168.250.202). I have port forwarded (in my Monowall) tcp/9103, and I can successfully telnet from the remote server to the local sd. But, the console is forever saying: "...waiting on storage file" when I run the job. What I've done: * Scoured the docs and tutorials * Exhausted Google (and DuckDuckGo) * Confirmed The software versions are all 5.6.2 (learned that one the hard way dealing with a Windows client!) * Shutdown bacula-sd and confirmed telnet no longer connects, and when I restart bacula-sd it DOES connect. * shutdown the firewall (everywhere - for testing) no joy * opened 9101 and 9102 on our firewall and forwarded them to 192.168.250.202 just in case any bacula service wants to communicate. * used netstat -tanop to watch the telnet connections come in from the remote server to confirm that NAT is working properly. What I think is going on: D8-FD (the file director on the server where bacula-sd, the pools, and volumes reside) can connect to the remote server, and can issue commands to run the backup job. But, when the remote fd tries to connect back (through the firewall from "outside -> in") to the storage daemon, it's failing - despite the fact that the NAT is setup properly, and I can telnet through it. That doesn't make sense to me because it should either work or be broken. So, I'm thinking that if I can telnet to it, then the remote fd should also be able to work with it. Nmap also shows the port as open and reachable. How else can I troubleshoot this "waiting on storage" problem? PS. I am about 18 hours in to working with Bacula. Fantastic product, but don't be afraid to assume I have missed something rudimentary. I have two machines on the LAN working and backing up, so I have had some success, but it's still possible I've missed something simple... Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small Business Specialist Digium Certified Asterisk Professional mich...@highpoweredhelp.com -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
