3.15.2. Passive Clients

The normal way of initializing the data channel (the channel where the backup data itself is transported) is done by the Bareos File Daemon (client) that connects to the Bareos Storage Daemon.

In many setups, this can cause problems, as this means that:

  • The client must be able to resolve the name of the Bareos Storage Daemon (often not true, you have to do tricks with the hosts file)
  • The client must be allowed to create a new connection.
  • The client must be able to connect to the Bareos Storage Daemon over the network (often difficult over NAT or Firewall)

By using Passive Client, the initialization of the datachannel is reversed, so that the storage daemon connects to the Bareos File Daemon. This solves almost every problem created by firewalls, NAT-gateways and resolving issues, as

  • The Bareos Storage Daemon initiates the connection, and thus can pass through the same or similar firewall rules that the director already has to access the Bareos File Daemon.
  • The client never initiates any connection, thus can be completely firewalled.
  • The client never needs any name resolution and is totally independent from any resolving issues.
../_images/passive-client-communication.png

3.15.2.1. Usage

To use this new feature, just configure Passive (Dir->Client)=yes in the client definition of the Bareos Director Daemon:

Enable passive mode in bareos-dir.conf
Client {
   Name = client1-fd
   Password = "secretpassword"
   <input>Passive = yes</input>
   [...]
}

Also, prior to bareos version 15, you need to set Compatible (Fd->Client)=no in the bareos-fd.conf configuration file. Since Bareos Version 15, the compatible option is set to no per default and does not need to be specified anymore.

Disable compatible mode for the Bareos File Daemon in bareos-fd.conf
Director {
  Name = bareos-dir
  Password = "secretpassword"
}

Client {
   Name = client1-fd
   [...]
   <input>Compatible = no</input>
}