Greetings Moved a machine into a dmz behind a pix515e firewall. Created a rule to allow the fd to connect to the sd and it seems to work, except for one little peculiarity on a larger backup job.
On a server that backs up about 60GB, it fails at the very tail end of the backup. The firewall log is showing that it is tearing down the tcp connection due to a TCP Reset-I then denying the connection a bit later. I'm not finding much I can do in the firewall to solve the issue. I was contemplating putting a direct connection cable beween the fd and the sd to solve this. (Darn cisco, if this firewall was iptables, a solution would be easy) Anybody have any other ideas?? Thanks in advance for any assistance. Dirk Here is the log from the job: Fatal error: fd_cmds.c:181 FD command not found: ??? +????'l8?^B???k???&F???N&!?^]???m?????x??+???f??^?u" Job zimbra.2009-06-22_21.31.27_22 marked to be canceled. 2009-06-22 23:31:27 centos2-dir Fatal error: Network error with FD during Backup: ERR=Connection reset by peer 2009-06-22 23:31:32 centos2-dir Error: Bacula centos2-dir 3.0.2 (25May09): 22-Jun-2009 23:31:32 Build OS: x86_64-pc-linux-gnu redhat JobId: 652 Job: zimbra.2009-06-22_21.31.27_22 Backup Level: Full Client: "mail2-fd" 3.0.2 (25May09) x86_64-unknown-linux-gnu,redhat, FileSet: "ZimbraSet" 2009-06-20 02:00:00 Pool: "LTO_OddWeekend" (From User input) Catalog: "MyCatalog" (From Client resource) Storage: "LTO" (From Pool resource) Scheduled time: 22-Jun-2009 21:31:19 Start time: 22-Jun-2009 21:31:29 End time: 22-Jun-2009 23:31:32 Elapsed time: 2 hours 3 secs Priority: 10 FD Files Written: 0 SD Files Written: 0 FD Bytes Written: 0 (0 B) SD Bytes Written: 0 (0 B) Rate: 0.0 KB/s Software Compression: None VSS: no Encryption: no Accurate: no Volume name(s): MAIL_ODD_2_ Volume Session Id: 84 Volume Session Time: 1245086595 Last Volume Bytes: 58,996,224,000 (58.99 GB) Non-fatal FD errors: 0 SD Errors: 0 FD termination status: Error SD termination status: Error Termination: *** Backup Error *** Fatal error: No Job status returned from FD. And here is a snippet of a log from the pix-515e firewall: Jun 22 21:29:54 Jun 22 2009 21:27:44 pix-kzo-515e : %PIX-6-302013: Built inbound TCP connection 3896095 for dmz:DMZ-SMTP2/52584 (DMZ-SMTP2/52584) to inside:Inside-centos6/9103 (Inside-centos6/9103) Jun 22 23:30:02 Jun 22 2009 23:27:52 pix-kzo-515e : %PIX-6-302014: Teardown TCP connection 3896095 for dmz:DMZ-SMTP2/52584 to inside:Inside-centos6/9103 duration 2:00:12 bytes 3906499625 TCP Reset-I Jun 22 23:30:13 Jun 22 2009 23:28:03 pix-kzo-515e : %PIX-6-106015: Deny TCP (no connection) from DMZ-SMTP2/54396 to Inside-centos6/9103 flags RST ACK on interface dmz ------------------------------------------------------------------------------ Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
