Hello, On 21.10.2005 16:24, Timo Neuvonen wrote:
I just added into my system another file daemon to be baked up. This new client is dilbert-fd, which is located in the dmz network segment of a SonicWall firewall, while the director and the storage daemon are on the lan network segment. By default, all traffic from lan to dmz is allowed. I also made a firewall rule to open the port 9103 from dmz to the director. There are tcp and udp protocols to choose from in the rules (I chose tcp), which one would be the correct one to use in the rule that is expected to allow the file daemon to communicate with storage daemon?
TCP
Now, when I start a backup job, everything seems to be running nicely. Until... 21-Oct 16:16 dogbert-dir: Nightly_Backup_-Dilbert.2005-10-21_16.01.35 Fatal error: Network error with FD during Backup: ERR=Connection reset by peer 21-Oct 16:17 dogbert-dir: Nightly_Backup_-Dilbert.2005-10-21_16.01.35 Fatal error: No Job status returned from FD. I tried this several times. It kept taking appr. 15 minutes, until the backup job always terminates with this error: After investigating the firewall rules, the default rule for traffic from lan to dmz had 15 minute "Inactivity Timeout". To be quite honest, I don't know what this exactly means. Anyway, I changed this to 5 minutes, and then the same error started appear in 5 minutes. Of course, I need to find out what this timeout means, but now I'm wondering what kind of connection used by Bacula causes this? Is there a connection from director to file daemon that is opened at the beginning of the job, but there is no traffic anyway?
The DIR and the FD communicate, too. There is some sort of a description in the manual...
I wouldn't like to change this timeout permanently to any very long time, unless I really know it is necessary...
Have you tried the Hearbeat interval setting in the configurations of all involved servers?
Which way to go on now?
Well, there _are_ people who say that a router (and a firewall *should* behave just like a router in case of an allowed connection...) must not close existing connections :-)
I'd tweak the timeout setting in the firewall and use a heartbeat setting in the daemons. You've got to find the right combination of settings for your environment, but that shouldn't be really hard.
Arno
Regards, Timo ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
-- IT-Service Lehmann [EMAIL PROTECTED] Arno Lehmann http://www.its-lehmann.de ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
