Re: [Bacula-users] Bacula Client Behind NAT
On 10/17/22 13:14, Rodrigo Reimberg via Bacula-users wrote: > Telnet from DIR to FD on port 9102 not ok, I’m using ConnectToDirector parameter. Hello Rodrigo, Of course this will not work. The client is behind NAT, and the Director cannot connect to it on port 9102 (or any other port :). As you know, with the 'ConnectToDirector' feature enabled, the FD calls into the Dir on port 9101 (default). There is no requirement to set any connection Schedule. The Client will remain connected until the `ReconnectionTime` is reached (default 40 mins), at which point the connection will be dropped and immediately re-established. Per the documentation, this FD -> DIR connection *should be* used for all communications between the Director and this client: 8< ConnectToDirector = When the ConnectToDirector directive is set to true, the Client will contact the Director according to the rules. The connection initiated by the Client will be then used by the Director to start jobs or issue bconsole commands. 8< I just ran some tests, and it looks like there is a bug. Look: 8< *s client=speedy-fd Connecting to Client speedy-fd at speedy.revpol.com:9102 <-- speedy-fd Version: 13.0.1 (05 August 2022) x86_64-pc-linux-gnu archlinux Daemon started 17-Oct-22 17:55. Jobs: run=0 running=0. Heap: heap=294,912 smbytes=256,160 max_bytes=256,307 bufs=125 max_bufs=126 Sizes: boffset_t=8 size_t=8 debug=0 trace=0 mode=0,0 bwlimit=0kB/s Crypto: fips=N/A crypto=OpenSSL 1.1.1q 5 Jul 2022 Running Jobs: Director connected using TLS at: 17-Oct-22 17:57 No Jobs running. Terminated Jobs: 8< The Director is clearly connecting to the FD on port 9102/TCP for the status client command. I see the same behavior for an estimate command: 8< *est listing job=SpeedyVMs Using Catalog "RevpolCatalog" Connecting to Client speedy-fd at speedy.revpol.com:9102 <--- 8< Give me a bit of time to set up a better test environment, and run some tests with packet captures. If this is doing what I think it is, I will open a bug report. Best regards, Bill -- Bill Arlofski w...@protonmail.com signature.asc Description: OpenPGP digital signature ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Bacula Client Behind NAT
Telnet from FD to SD on port 9103 -> it’s OK
Telnet from FD to DIR on port 9101 -> It’s OK
Telnet from DIR to FD on port 9102 not ok, I’m using ConnectToDirector
parameter.
From: Josh Fisher via Bacula-users
Sent: segunda-feira, 17 de outubro de 2022 09:01
To: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Bacula Client Behind NAT
On 10/16/22 11:44, Rodrigo Reimberg via Bacula-users wrote:
Hello,
Can someone help me?
I did the configuration of the client behind nat.
The client is communicating with the director as there is no error in the
"working" directory.
When I access bconsole in the director and run the status client command, the
timeout error occurs.
Because the status client command is the opposite direction, director
contacting client.
I have a question, does the storage need to be public too?
Below the configuration files:
bacula-fd.conf
Director {
Name = man-ind-1004-dir
Password = " "# Director must know this password
Address = public-IP # Director address to connect
Connect To Director = yes # FD will call the Director
}
bacula-dir.conf
Client {
Name = "gfwv-brerpsql01-fd"
Password = ""
Catalog = "MyCatalog"
AllowFDConnections = yes
}
From: Jose Alberto
Sent: domingo, 5 de dezembro de 2021 11:20
To: Wanderlei Huttel
Cc: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Bacula Client Behind NAT
When Run JOB:
Bacula-dir FD 9102
and
FD >> SD 9103 (NAT) with DNS or IP Public.
try telnet from client fd to IP or DNS port 9103 ,connect?
On Thu, Dec 2, 2021 at 10:59 AM Wanderlei Huttel mailto:wanderleihut...@gmail.com> > wrote:
I'm trying to configure the new feature in in Bacula, but manual is not clear
about it.
https://www.bacula.org/11.0.x-manuals/en/main/New_Features_in_11_0_0.html#SECTION00230
In the company have some employees that sometimes are working at home with
their laptops and the most of time are working internal
So, I've thought include "Client Behind Nat" to backup their laptops when they
are remote
1) I've create 2 rules in Firewall to forward ports 9101 and 9103 from FW
Server to Bacula Server (The connection it looks OK)
2) I've configured the laptop client (bacula-fd.conf)
Director {
Name = bacula-dir
Password = "mypassword"
Address = mydomain.com
Connect To Director = yes
}
3) In bacula-dir.conf on client-XXX I've configured the option:
Allow FD Connections = yes
Should I include "FD Storage Address = mydomain.com " to
backup when the employee is remote?
4) If I want to modify the ports from client behind NAT connect, how to do? Is
possible?
5) This Kind of configuration will work when the employee is in the local
network or in remote network?
I've made a test and didn't worked using the configuration like manual and
didn't worked.
==
2021-12-02 11:45:02 bacula-dir JobId 28304: Start Backup JobId 28304,
Job=Backup_Maquina_Remota.2021-12-02_11.45.00_03
2021-12-02 11:45:02 bacula-dir JobId 28304: Using Device "DiscoLocal1" to
write.
2021-12-02 11:48:02 bacula-dir JobId 28304: Fatal error: No Job status
returned from FD.
2021-12-02 11:48:02 bacula-dir JobId 28304: Error: Bacula bacula-dir 11.0.5
(03Jun21):
Build OS: x86_64-pc-linux-gnu debian 9.13
JobId: 28304
Job:Backup_Maquina_Remota.2021-12-02_11.45.00_03
Backup Level: Incremental, since=2021-12-01 17:30:01
Client: "remota-fd" 11.0.5 (03Jun21) Microsoft Windows 8
Professional (build 9200), 64-bit,Cross-compile,Win64
FileSet:"FileSet_Remota" 2015-03-12 16:05:45
Pool: "Diaria" (From Run Pool override)
Catalog:"MyCatalog" (From Client resource)
Storage:"StorageLocal1" (From Pool resource)
Scheduled time: 02-Dec-2021 11:45:00
Start time: 02-Dec-2021 11:45:02
End time: 02-Dec-2021 11:48:02
Elapsed time: 3 mins
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
Comm Line Compression: None
Snapshot/VSS: no
Encryption: no
Accurate: yes
Volume name(s):
Volume Session Id: 80
Volume Session Time:1637867221
Last Volume Bytes: 2,064,348,469 (2.064 GB)
Non-fatal FD errors:1
SD
Re: [Bacula-users] VirtualFull, file storage, rsnapshot-like...
On 10/16/22 12:21, Marco Gaiarin wrote: Mandi! Radosław Korzeniewski In chel di` si favelave... ... I do not understand your requirements. What is an "initial backup" you want to make? Are you referring to the first Full backup which has to be executed on the client? Exactly. VirtualFull can be (at least for me) a very good way to backup 6TB data on a 10 Mbit/s link, because data vary low. But still i need a way to do the first full... If the client is on the other end of a 10Mbps link, then the options are to make the initial full backup over the slow link or temporarily move the client to the site where Dir/SD runs just to make the initial full backup. Another more convoluted way that doesn't involve moving the client machine or taking it offline for a long time is: Clone the client's data disks, making sure that the filesystem UUIDs are identical, and take them to the server's site Create a basic VM and install bacula client, using the same client config as the real client Attach the cloned disks to the VM, making sure that they are mounted at the same mountpoints as the real client. Alter the Director's config for the client to reflect the VM's address Run a full backup of the VM Change the Director's config for the client back to the client's real address The first incremental backup will be larger than normal because the basic VM's root partition isn't a clone of the real client, but I assume that most of the data is on the cloned disk partitions. ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Bacula Client Behind NAT
On 10/16/22 11:44, Rodrigo Reimberg via Bacula-users wrote:
Hello,
Can someone help me?
I did the configuration of the client behind nat.
The client is communicating with the director as there is no error in
the "working" directory.
When I access bconsole in the director and run the status client
command, the timeout error occurs.
Because the status client command is the opposite direction, director
contacting client.
I have a question, does the storage need to be public too?
Below the configuration files:
bacula-fd.conf
Director {
Name = man-ind-1004-dir
Password = " " # Director must know this
password
Address = public-IP # Director address to connect
Connect To Director = yes # FD will call the Director
}
bacula-dir.conf
Client {
Name = "gfwv-brerpsql01-fd"
Password = ""
Catalog = "MyCatalog"
AllowFDConnections = yes
}
*From:*Jose Alberto
*Sent:* domingo, 5 de dezembro de 2021 11:20
*To:* Wanderlei Huttel
*Cc:* bacula-users@lists.sourceforge.net
*Subject:* Re: [Bacula-users] Bacula Client Behind NAT
When Run JOB:
Bacula-dir FD 9102
and
FD >> SD 9103 (NAT) with DNS or IP
Public.
try telnet from client fd to IP or DNS port 9103 , connect?
On Thu, Dec 2, 2021 at 10:59 AM Wanderlei Huttel
wrote:
I'm trying to configure the new feature in in Bacula, but manual
is not clear about it.
https://www.bacula.org/11.0.x-manuals/en/main/New_Features_in_11_0_0.html#SECTION00230
In the company have some employees that sometimes are working at
home with their laptops and the most of time are working internal
So, I've thought include "Client Behind Nat" to backup their
laptops when they are remote
1) I've create 2 rules in Firewall to forward ports 9101 and 9103
from FW Server to Bacula Server (The connection it looks OK)
2) I've configured the laptop client (bacula-fd.conf)
Director {
Name = bacula-dir
Password = "mypassword"
Address = mydomain.com
Connect To Director = yes
}
3) In bacula-dir.conf on client-XXX I've configured the option:
Allow FD Connections = yes
Should I include "FD Storage Address = mydomain.com
" to backup when the employee is remote?
4) If I want to modify the ports from client behind NAT connect,
how to do? Is possible?
5) This Kind of configuration will work when the employee is in
the local network or in remote network?
I've made a test and didn't worked using the configuration like
manual and didn't worked.
==
2021-12-02 11:45:02 bacula-dir JobId 28304: Start Backup JobId
28304, Job=Backup_Maquina_Remota.2021-12-02_11.45.00_03
2021-12-02 11:45:02 bacula-dir JobId 28304: Using Device
"DiscoLocal1" to write.
2021-12-02 11:48:02 bacula-dir JobId 28304: Fatal error: No Job
status returned from FD.
2021-12-02 11:48:02 bacula-dir JobId 28304: Error: Bacula
bacula-dir 11.0.5 (03Jun21):
Build OS: x86_64-pc-linux-gnu debian 9.13
JobId: 28304
Job: Backup_Maquina_Remota.2021-12-02_11.45.00_03
Backup Level: Incremental, since=2021-12-01 17:30:01
Client: "remota-fd" 11.0.5 (03Jun21) Microsoft
Windows 8 Professional (build 9200), 64-bit,Cross-compile,Win64
FileSet: "FileSet_Remota" 2015-03-12 16:05:45
Pool: "Diaria" (From Run Pool override)
Catalog: "MyCatalog" (From Client resource)
Storage: "StorageLocal1" (From Pool resource)
Scheduled time: 02-Dec-2021 11:45:00
Start time: 02-Dec-2021 11:45:02
End time: 02-Dec-2021 11:48:02
Elapsed time: 3 mins
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
Comm Line Compression: None
Snapshot/VSS: no
Encryption: no
Accurate: yes
Volume name(s):
Volume Session Id: 80
Volume Session Time: 1637867221
Last Volume Bytes: 2,064,348,469 (2.064 GB)
Non-fatal FD errors: 1
SD Errors: 0
FD termination status: Error
SD termination status: Waiting on FD
Termination: *** Backup Error ***
2021-12-02 11:48:02 bacula-dir JobId 28304: shell command: run
AfterJob "/etc/bacula/scripts/_webacula_update_filesize.sh 28304
Backup Error"
2021-12-02 11:48:02 bacula-dir JobId 28304: AfterJob: The
JobSize and FileSize of JobId 28304 were updated
