3.15.3. Using different IP Adresses for SD – FD Communication

[TAG=Lan Address]

Bareos supports network topologies where the Bareos File Daemon and Bareos Storage Daemon are situated inside of a LAN, but the Bareos Director Daemon is outside of that LAN in the Internet and accesses the Bareos File Daemon and Bareos Storage Daemon via SNAT / port forwarding.

Consider the following scheme:

/-------------------\
|                   |    LAN 10.0.0.1/24
|                   |
|  FD_LAN   SD_LAN  |
|  .10         .20  |
|                   |
\___________________/
          |
      NAT Firewall
      FD: 8.8.8.10 -> 10.0.0.10
      SD: 8.8.8.20 -> 10.0.0.20
          |
/-------------------\
|                   |
|                   |     WAN / Internet
|        DIR        |
|     8.8.8.100     |
|                   |
| FD_WAN   SD_WAN   |
| .30         .40   |
\___________________/

The Bareos Director Daemon can access the FD_LAN via the IP 8.8.8.10, which is forwarded to the IP 10.0.0.10 inside of the LAN.

The Bareos Director Daemon can access the SD_LAN via the IP 8.8.8.20 which is forwarded to the IP 10.0.0.20 inside of the LAN.

There is also a Bareos File Daemon and a Bareos Storage Daemon outside of the LAN, which have the IPs 8.8.8.30 and 8.8.8.40

All resources are configured so that the Address directive gets the address where the Bareos Director Daemon can reach the daemons.

Additionally, devices being in the LAN get the LAN address configured in the Lan Address directive. The configuration looks as follows:

bareos-dir.d/client/FD_LAN.conf
Client {
   Name = FD_LAN
   Address = 8.8.8.10
   LanAddress = 10.0.0.10
   ...
}
bareos-dir.d/client/SD_LAN.conf
Storage {
   Name = SD_LAN
   Address = 8.8.8.20
   LanAddress = 10.0.0.20
   ...
}
bareos-dir.d/client/FD_WAN.conf
Client {
   Name = FD_WAN
   Address = 8.8.8.30
   ...
}
bareos-dir.d/client/SD_WAN.conf
Storage {
   Name = SD_WAN
   Address = 8.8.8.40
   ...
}

This way, backups and restores from each Bareos File Daemon using each Bareos Storage Daemon are possible as long as the firewall allows the needed network connections.

The Bareos Director Daemon simply checks if both the involved Bareos File Daemon and Bareos Storage Daemon both have a Lan Address (Lan Address (Dir->Client) and Lan Address (Dir->Storage)) configured.

In that case, the initiating daemon is ordered to connect to the Lan Address instead of the Address. In active client mode, the Bareos File Daemon connects to the Bareos Storage Daemon, in passive client mode (see Passive Clients) the Bareos Storage Daemon connects to the Bareos File Daemon.

If only one or none of the involved Bareos File Daemon and Bareos Storage Daemon have a Lan Address configured, the Address is used as connection target for the initiating daemon.