Added documentation for the LanAddress directive
sduehr authored and joergsteffens committed Apr 21, 2017
1 parent 640fcbc commit 46b3f00
Showing 4 changed files with 122 additions and 0 deletions.
1 change: 1 addition & 0 deletions manuals/en/main/bareos-manual-main-reference.tex
Expand Up @@ -208,6 +208,7 @@ \chapter{Volume Management}
\chapter{Network setup}
\input{client-initiated-connection}
\input{passiveclient}
\input{lanaddress}

\include{tls}
\include{dataencryption}
15 changes: 15 additions & 0 deletions manuals/en/main/director-resource-client-definitions.tex
Expand Up @@ -243,3 +243,18 @@
Only used for the non Native protocols at the moment.

}

\defDirective{Dir}{Client}{Lan Address}{}{}{%
This parameter is needed to support a network topology where client and storage are
situated inside of a LAN, but the Director is outside of that LAN in the internet
and accesses SD and FD via SNAT or port forwarding.

Only if this parameter is present in both the involved Client and Storage resources,
the Director will send the specified IP address or hostname to the FD or SD (when
using passive client).

See chapter \nameref{LanAddress} for more details.

}


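Review bot: The second paragraph of the Client directive text ("the Director will send the specified IP address or hostname to the FD or SD (when using passive client)") does not say whose address is sent to which daemon. For a Client resource the Lan Address can only be a connection target when the SD connects to the FD, that is in passive client mode, so the text should say that the client's Lan Address is handed to the SD in that case and that Address is used otherwise. The directive is also written "Lan Address" here while the example configuration in lanaddress.tex uses "LanAddress"; pick one spelling or state that both are accepted. Minor: "in the internet" should read "on the internet", and the hunk ends with two blank lines where one would do.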
14 changes: 14 additions & 0 deletions manuals/en/main/director-resource-storage-definitions.tex
Expand Up @@ -228,3 +228,17 @@

\defDirective{Dir}{Storage}{Username}{}{}{%
}

\defDirective{Dir}{Storage}{Lan Address}{}{}{%
This parameter is needed to support a network topology where client and storage are
situated inside of a LAN, but the Director is outside of that LAN in the internet
and accesses SD and FD via SNAT or port forwarding.

Only if this parameter is present in both the involved Client and Storage resources,
the Director will send the specified IP address or hostname to the FD or SD (when
using passive client).

See chapter \nameref{LanAddress} for more details.

}

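Review bot: The body of the Storage directive is a verbatim copy of the Client one, so it never states what is specific to a Storage resource. Per lanaddress.tex the FD connects to the SD in active client mode, so this entry should say that the storage's Lan Address is the target the FD is told to use in active client mode, and that it is only used when the involved Client also has a Lan Address. Keeping the shared topology paragraph in lanaddress.tex and leaving only the resource-specific sentence plus the \nameref here would avoid the two copies drifting apart.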
92 changes: 92 additions & 0 deletions manuals/en/main/lanaddress.tex
@@ -0,0 +1,92 @@
\section{Using different IP Adresses for SD -- FD Communication}
\label{LanAddress}
\index[general]{Lan Address}

The \configdirective{Lan Address} configuration directive is needed to support a network
topology where client and storage are situated inside of a LAN, but the Director is
outside of that LAN in the internet and accesses SD and FD via SNAT / port forwarding.

Consider the following scheme:

\begin{commands}{}
/-------------------\
| | LAN 10.0.0.1/24
| |
| FD_LAN SD_LAN |
| .10 .20 |
| |
\___________________/
|
NAT Firewall
FD: 8.8.8.10 -> 10.0.0.10
SD: 8.8.8.20 -> 10.0.0.20
|
/-------------------\
| |
| | WAN / Internet
| DIR |
| 8.8.8.100 |
| |
| FD_WAN SD_WAN |
| .30 .40 |
\___________________/
\end{commands}

The director can access the FD\_LAN via the IP 8.8.8.10, which is
forwarded to the IP 10.0.0.10 inside of the LAN.

The director can access the SD\_LAN via the IP 8.8.8.20 which is
forwarded to the IP 10.0.0.20 inside of the LAN.

There is also a FD and a SD outside of the LAN, which have the IPs
8.8.8.30 and 8.8.8.40

All resources are configured so that the \configdirective{Address} directive gets the
Address where the Director can reach the daemons.

Additionally, devices being in the LAN get the LAN address configured in
the \configdirective{LanAddress} directive:

The configuration looks as follows:

\begin{bconfig}{bareos-dir.conf}
Client {
Name = FD_LAN
Address = 8.8.8.10
LanAddress = 10.0.0.10
...
}

Storage {
Name = SD_LAN
Address = 8.8.8.20
LanAddress = 10.0.0.20
...
}

Client {
Name = FD_WAN
Address = 8.8.8.30
...
}

Storage {
Name = SD_WAN
Address = 8.8.8.40
...
}
\end{bconfig}

This way, backups and restores from each FD using each SD are possible
as long as the firewall allows the needed network connections.

The director simply checks if both the involved client and storage
both have a \configdirective{LanAddress} configured.

In that case, the initiating daemon is ordered to connect to the \configdirective{LanAddress}
instead of the \configdirective{Address}. (In active client mode, the FD connects to the SD, in
passive client mode the SD connects to the FD).

If only one or none of the involved client and storage have a \configdirective{LanAddress}
configured, the \configdirective{Address} is used as connection target for the
initiating daemon.
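Review bot: The closing paragraphs ("The director simply checks if both the involved client and storage both have a LanAddress configured") describe a check on presence only, not on whether the two daemons share a LAN. With two NATed sites that each define LanAddress, a job pairing a client from one site with a storage from the other would be pointed at a private address that is unreachable from the initiating daemon or that belongs to a different host there; the section should state this restriction, or say that such pairings must not be configured. Further points in this file: the example uses 8.8.8.x, which are real public addresses, and would be better written with the RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24); "LAN 10.0.0.1/24" in the diagram names a host, the network is 10.0.0.0/24; "Adresses" in the \section title is misspelled; "both" is repeated in the sentence quoted above; the sentence ending "8.8.8.30 and 8.8.8.40" lacks a period; and the directive is spelled "Lan Address" in the first paragraph but "LanAddress" everywhere after.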
