On 5 Oct 2006 at 16:29, James Ray wrote:
> Dan Langille wrote:
> > On 5 Oct 2006 at 15:36, James Ray wrote:
> >
> >> Dan Langille wrote:
> >>> On 5 Oct 2006 at 9:11, Bill Moran wrote:
> >>>
> >>>> I haven't had time to investigate whether the [FD|SD|DIR]Address sets
> >>>> both the listening and the outgoing address, but a firewall audit is
> >>>> on the TODO list, and when I finally get to it, I'll have to address
> >>>> this for a number of services, not only Bacula.
> >>> My testing today shows that is sets both listening and outgoing. All
> >>> I tested was a status command. Nothing more.
> >>>
> >>>
> >> Well, that doesn't seem to be the case on my linux (FC5) machine. :(
> >>
> >> The LISTEN addresses are right but the address the communications spawn
> >> from is the base system address.
> >>
> >> tcp 0 0 xxx.xxx.x.49:9101 0.0.0.0:*
> >> LISTEN 100 9291 3056/bacula-dir
> >> tcp 0 0 xxx.xxx.x.49:9103 0.0.0.0:*
> >> LISTEN 0 9239 3011/bacula-sd
> >>
> >> Then run a status client command with the following ngrep running (I
> >> shouldn't see any data)
> >>
> >> [EMAIL PROTECTED] bacula]# ngrep "" "src host xxx.xxx.x.48 and dst host
> >> xxx.xxx.x.3"
> >> interface: eth0 (xxx.xxx.x.0/255.255.254.0)
> >> filter: (ip) and ( src host xxx.xxx.x.48 and dst host xxx.xxx.x.3 )
> >> 114 received, 0 dropped
> >>
> >> And I see the following in netstat:
> >>
> >> tcp 0 0 xxx.xxx.x.48:53286 xxx.xxx.x.3:9102
> >> TIME_WAIT 0 0 -
> >>
> >> :(
> >
> > Without the corrresponding configuration file, I cannot comment.
> >
>
> Director{} resource from bacula-dir.conf
> Director { # define myself
> Name = bacula-dir
> DIRport = 9101 # where we listen for UA connections
> QueryFile = "/etc/bacula/query.sql"
> WorkingDirectory = "/var/bacula/working"
> PidDirectory = "/var/bacula/run"
> Maximum Concurrent Jobs = 8
> Password = <REMOVED> # Console password
> Messages = Daemon
> DirAddress = xxx.xxx.x.49
> }
This tells the FD that only the given DIR may connect. This does not
tell the FD where it should listen. To tell the FD how to listen,
here is what I did:
FileDaemon {
Name = ngaio-fd
FDport = 9102
WorkingDirectory = /home/bacula/db
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
FDAddress = 192.168.0.68;
}
This is an extract from the bacula-fd.conf file.
The FDAddress directive tells the FD to listen (and answer) only on
that given address.
I think you know what to do now... ;)
--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
