From 46b3f00281826f670f899d192680f15149bba5a5 Mon Sep 17 00:00:00 2001 From: Stephan Duehr Date: Thu, 23 Mar 2017 15:45:04 +0100 Subject: [PATCH] Added documentation for the LanAddress directive --- .../en/main/bareos-manual-main-reference.tex | 1 + .../director-resource-client-definitions.tex | 15 +++ .../director-resource-storage-definitions.tex | 14 +++ manuals/en/main/lanaddress.tex | 92 +++++++++++++++++++ 4 files changed, 122 insertions(+) create mode 100644 manuals/en/main/lanaddress.tex diff --git a/manuals/en/main/bareos-manual-main-reference.tex b/manuals/en/main/bareos-manual-main-reference.tex index a6c15cbc517..9f25ea4d778 100644 --- a/manuals/en/main/bareos-manual-main-reference.tex +++ b/manuals/en/main/bareos-manual-main-reference.tex @@ -208,6 +208,7 @@ \chapter{Volume Management} \chapter{Network setup} \input{client-initiated-connection} \input{passiveclient} + \input{lanaddress} \include{tls} \include{dataencryption} diff --git a/manuals/en/main/director-resource-client-definitions.tex b/manuals/en/main/director-resource-client-definitions.tex index 2aab056839b..5c62493dd4d 100644 --- a/manuals/en/main/director-resource-client-definitions.tex +++ b/manuals/en/main/director-resource-client-definitions.tex @@ -243,3 +243,18 @@ Only used for the non Native protocols at the moment. } + +\defDirective{Dir}{Client}{Lan Address}{}{}{% +This parameter is needed to support a network topology where client and storage are +situated inside of a LAN, but the Director is outside of that LAN in the internet +and accesses SD and FD via SNAT or port forwarding. + +Only if this parameter is present in both the involved Client and Storage resources, +the Director will send the specified IP address or hostname to the FD or SD (when +using passive client). + +See chapter \nameref{LanAddress} for more details. + +} + + 
diff --git a/manuals/en/main/director-resource-storage-definitions.tex b/manuals/en/main/director-resource-storage-definitions.tex index 967ffb1ddff..23af6046432 100644 --- a/manuals/en/main/director-resource-storage-definitions.tex +++ b/manuals/en/main/director-resource-storage-definitions.tex @@ -228,3 +228,17 @@ \defDirective{Dir}{Storage}{Username}{}{}{% } + +\defDirective{Dir}{Storage}{Lan Address}{}{}{% +This parameter is needed to support a network topology where client and storage are +situated inside of a LAN, but the Director is outside of that LAN in the internet +and accesses SD and FD via SNAT or port forwarding. + +Only if this parameter is present in both the involved Client and Storage resources, +the Director will send the specified IP address or hostname to the FD or SD (when +using passive client). + +See chapter \nameref{LanAddress} for more details. + +} + diff --git a/manuals/en/main/lanaddress.tex b/manuals/en/main/lanaddress.tex new file mode 100644 index 00000000000..206e3adc0c5 --- /dev/null +++ b/manuals/en/main/lanaddress.tex 
@@ -0,0 +1,92 @@
+ \section{Using different IP Adresses for SD -- FD Communication}
+ \label{LanAddress}
+ \index[general]{Lan Address}
+
+The \configdirective{Lan Address} configuration directive is needed to support a network
+topology where client and storage are situated inside of a LAN, but the Director is
+outside of that LAN in the internet and accesses SD and FD via SNAT / port forwarding.
+
+Consider the following scheme:
+
+\begin{commands}{}
+ /-------------------\
+ | | LAN 10.0.0.1/24
+ | |
+ | FD_LAN SD_LAN |
+ | .10 .20 |
+ | |
+ \___________________/
+ |
+ NAT Firewall
+ FD: 8.8.8.10 -> 10.0.0.10
+ SD: 8.8.8.20 -> 10.0.0.20
+ |
+ /-------------------\
+ | |
+ | | WAN / Internet
+ | DIR |
+ | 8.8.8.100 |
+ | |
+ | FD_WAN SD_WAN |
+ | .30 .40 |
+ \___________________/
+ \end{commands}
+
+The director can access the FD\_LAN via the IP 8.8.8.10, which is
+forwarded to the IP 10.0.0.10 inside of the LAN.
+
+The director can access the SD\_LAN via the IP 8.8.8.20 which is
+forwarded to the IP 10.0.0.20 inside of the LAN.
+
+There is also a FD and a SD outside of the LAN, which have the IPs
+8.8.8.30 and 8.8.8.40
+
+All resources are configured so that the \configdirective{Address} directive gets the
+Address where the Director can reach the daemons.
+
+Additionally, devices being in the LAN get the LAN address configured in
+the \configdirective{LanAddress} directive:
+
+The configuration looks as follows:
+
+\begin{bconfig}{bareos-dir.conf}
+Client {
+ Name = FD_LAN
+ Address = 8.8.8.10
+ LanAddress = 10.0.0.10
+ ...
+}
+
+Storage {
+ Name = SD_LAN
+ Address = 8.8.8.20
+ LanAddress = 10.0.0.20
+ ...
+}
+
+Client {
+ Name = FD_WAN
+ Address = 8.8.8.30
+ ...
+}
+
+Storage {
+ Name = SD_WAN
+ Address = 8.8.8.40
+ ...
+}
+\end{bconfig}
+
+This way, backups and restores from each FD using each SD are possible
+as long as the firewall allows the needed network connections.
+
+The director simply checks if both the involved client and storage
+both have a \configdirective{LanAddress} configured.
+
+In that case, the initiating daemon is ordered to connect to the \configdirective{LanAddress}
+instead of the \configdirective{Address}. (In active client mode, the FD connects to the SD, in
+passive client mode the SD connects to the FD).
+
+If only one or none of the involved client and storage have a \configdirective{LanAddress}
+configured, the \configdirective{Address} is used as connection target for the
+initiating daemon.