diff options
| author | Stephan Duehr <stephan.duehr@bareos.com> | 2017-03-23 17:45:04 +0300 |
|---|---|---|
| committer | Joerg Steffens <joerg.steffens@bareos.com> | 2017-04-21 16:06:37 +0300 |
| commit | 46b3f00281826f670f899d192680f15149bba5a5 (patch) | |
| tree | ab7bdf3079551d91ddfae7d21e85100fba8e0eb2 | |
| parent | 640fcbcd2e39fca48edb8f39022c1b68a08e1a13 (diff) | |
Added documentation for the LanAddress directive
| -rw-r--r-- | manuals/en/main/bareos-manual-main-reference.tex | 1 | ||||
| -rw-r--r-- | manuals/en/main/director-resource-client-definitions.tex | 15 | ||||
| -rw-r--r-- | manuals/en/main/director-resource-storage-definitions.tex | 14 | ||||
| -rw-r--r-- | manuals/en/main/lanaddress.tex | 92 |
4 files changed, 122 insertions, 0 deletions
diff --git a/manuals/en/main/bareos-manual-main-reference.tex b/manuals/en/main/bareos-manual-main-reference.tex index a6c15cb..9f25ea4 100644 --- a/manuals/en/main/bareos-manual-main-reference.tex +++ b/manuals/en/main/bareos-manual-main-reference.tex @@ -208,6 +208,7 @@ \chapter{Network setup} \input{client-initiated-connection} \input{passiveclient} + \input{lanaddress} \include{tls} \include{dataencryption} diff --git a/manuals/en/main/director-resource-client-definitions.tex b/manuals/en/main/director-resource-client-definitions.tex index 2aab056..5c62493 100644 --- a/manuals/en/main/director-resource-client-definitions.tex +++ b/manuals/en/main/director-resource-client-definitions.tex @@ -243,3 +243,18 @@ Specifies the username that must be supplied when authenticating. Only used for the non Native protocols at the moment. } + +\defDirective{Dir}{Client}{Lan Address}{}{}{% +This parameter is needed to support a network topology where client and storage are +situated inside of a LAN, but the Director is outside of that LAN in the internet +and accesses SD and FD via SNAT or port forwarding. + +Only if this parameter is present in both the involved Client and Storage resources, +the Director will send the specified IP address or hostname to the FD or SD (when +using passive client). + +See chapter \nameref{LanAddress} for more details. + +} + + diff --git a/manuals/en/main/director-resource-storage-definitions.tex b/manuals/en/main/director-resource-storage-definitions.tex index 967ffb1..23af604 100644 --- a/manuals/en/main/director-resource-storage-definitions.tex +++ b/manuals/en/main/director-resource-storage-definitions.tex @@ -228,3 +228,17 @@ For details, refer to chapter \nameref{TlsDirectives}. \defDirective{Dir}{Storage}{Username}{}{}{% } + +\defDirective{Dir}{Storage}{Lan Address}{}{}{% +This parameter is needed to support a network topology where client and storage are +situated inside of a LAN, but the Director is outside of that LAN in the internet +and accesses SD and FD via SNAT or port forwarding. + +Only if this parameter is present in both the involved Client and Storage resources, +the Director will send the specified IP address or hostname to the FD or SD (when +using passive client). + +See chapter \nameref{LanAddress} for more details. + +} + diff --git a/manuals/en/main/lanaddress.tex b/manuals/en/main/lanaddress.tex new file mode 100644 index 0000000..206e3ad --- /dev/null +++ b/manuals/en/main/lanaddress.tex @@ -0,0 +1,92 @@ + \section{Using different IP Adresses for SD -- FD Communication} + \label{LanAddress} + \index[general]{Lan Address} + +The \configdirective{Lan Address} configuration directive is needed to support a network +topology where client and storage are situated inside of a LAN, but the Director is +outside of that LAN in the internet and accesses SD and FD via SNAT / port forwarding. + +Consider the following scheme: + +\begin{commands}{} + /-------------------\ + | | LAN 10.0.0.1/24 + | | + | FD_LAN SD_LAN | + | .10 .20 | + | | + \___________________/ + | + NAT Firewall + FD: 8.8.8.10 -> 10.0.0.10 + SD: 8.8.8.20 -> 10.0.0.20 + | + /-------------------\ + | | + | | WAN / Internet + | DIR | + | 8.8.8.100 | + | | + | FD_WAN SD_WAN | + | .30 .40 | + \___________________/ + \end{commands} + +The director can access the FD\_LAN via the IP 8.8.8.10, which is +forwarded to the IP 10.0.0.10 inside of the LAN. + +The director can access the SD\_LAN via the IP 8.8.8.20 which is +forwarded to the IP 10.0.0.20 inside of the LAN. + +There is also a FD and a SD outside of the LAN, which have the IPs +8.8.8.30 and 8.8.8.40 + +All resources are configured so that the \configdirective{Address} directive gets the +Address where the Director can reach the daemons. + +Additionally, devices being in the LAN get the LAN address configured in +the \configdirective{LanAddress} directive: + +The configuration looks as follows: + +\begin{bconfig}{bareos-dir.conf} +Client { + Name = FD_LAN + Address = 8.8.8.10 + LanAddress = 10.0.0.10 + ... +} + +Storage { + Name = SD_LAN + Address = 8.8.8.20 + LanAddress = 10.0.0.20 + ... +} + +Client { + Name = FD_WAN + Address = 8.8.8.30 + ... +} + +Storage { + Name = SD_WAN + Address = 8.8.8.40 + ... +} +\end{bconfig} + +This way, backups and restores from each FD using each SD are possible +as long as the firewall allows the needed network connections. + +The director simply checks if both the involved client and storage +both have a \configdirective{LanAddress} configured. + +In that case, the initiating daemon is ordered to connect to the \configdirective{LanAddress} +instead of the \configdirective{Address}. (In active client mode, the FD connects to the SD, in +passive client mode the SD connects to the FD). + +If only one or none of the involved client and storage have a \configdirective{LanAddress} +configured, the \configdirective{Address} is used as connection target for the +initiating daemon. |