Agent-based backup of Windows, Linux, Max, AIX and Solaris machines.
Post Reply
sebkoe
Influencer
Posts: 14
Liked: 1 time
Joined: Aug 20, 2021 11:07 am
Full Name: Sebastian
Contact:

Backup (File) Server in DMZ

Post by sebkoe »

Hello all,

I'm new to Veeam Backup and Replication (V11) and have been testing diligently for the last few days.

One of the last items on my checklist is file backups from a server located in our DMZ.

Here is what our setup looks like:

1x Veeam Management Server (Windows VM)
3x Storage/Proxy Server (hardware Windows with local hard disks)

All 4 servers have one IP in our LAN (10.10.149.x)

I want to backup files on a Linux server in our DMZ (public IP) for testing.

The Linux server has therefore only via NAT access to the storage servers.

I have not yet managed to implement this setup. In my search so far, I have also not become smarter. Last I had tested the backup solution from Acronis. There a file backup via NAT was no problem.

I hope to get some tips here.

Thanks and greetings
Sebastian
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Backup (File) Server in DMZ

Post by wishr »

Hi Sebastian,

Welcome to Veeam R&D forums!

If your Linux server is accessible through NFS from the backup server/backup proxy, there should not be issues backing it up.

Thanks
sebkoe
Influencer
Posts: 14
Liked: 1 time
Joined: Aug 20, 2021 11:07 am
Full Name: Sebastian
Contact:

Re: Backup (File) Server in DMZ

Post by sebkoe »

Hello and thank you.

So i just have to enable access from my storage/proxy Servers to the Linux Server i would like to backup via NFS?
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Backup (File) Server in DMZ

Post by wishr »

Just from the servers where your backup proxies are located, correct.

This diagram highlights a typical deployment scenario and data transmission channels.
Here you can find information on the required ports to be opened.
Also, I'm adding this link to the BP portal maintained by our system engineers (SEs) that provides a lot of useful tips and recommendations.

Thanks
sebkoe
Influencer
Posts: 14
Liked: 1 time
Joined: Aug 20, 2021 11:07 am
Full Name: Sebastian
Contact:

Re: Backup (File) Server in DMZ

Post by sebkoe »

ok, i did a new test setup.

i created an empty vm in the DMZ Network and made sure all my Backup Servers (Proxy/Storage/Manager) are able to connect via NFS (checked with tcpdump on the Linux Server).

I then started a tcpdump on the Linux Server, while starting a backup on my Manager Server.

I see alot of SSH traffic from the management Server via NAT to the Linux Server (which is working fine), but then i see that the Linux Servers tries to connect to my Mananger Server on Port 10006 to its LAN IP (which cant work, because i am in a DMZ and NAT is required).

After some time the Backup fails with:

"Error: Failed to execute agent management command startBackup."

I did not see any NFS traffic in tcpdump at all (just ssh and the failing traffic to Port 10006).

So i am a little confused how that should work, when the Linux Server tries to connect to an IP that it is not able to reach directly.

PS: just to make sure we are not confusing things here. I am talking about "NAT", not "NAS". Because you posted a link with "NAS" Infos.
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Backup (File) Server in DMZ

Post by wishr »

Are you sure you have created a File Share backup job and exclusively selected the desired backup proxy server? I'm suggesting our file share backup since you were asking about file backups. To clarify, you would like to back up some files located on the Linux server, correct?

On the Linux server, I guess you can modify the /etc/hosts so that the server will talk back to the DMZ IP address of the backup proxy (or the IP address of the backup server if you have not selected a dedicated backup proxy in the job settings).

If you are asking about Veeam Agent backup, please, refer to this thread.
sebkoe
Influencer
Posts: 14
Liked: 1 time
Joined: Aug 20, 2021 11:07 am
Full Name: Sebastian
Contact:

Re: Backup (File) Server in DMZ

Post by sebkoe »

im talking about single files/folder on a host (here Linux) not on a fileshare. Phsysical Servers, that i dont want to backup completely.

This is regular Backup Job:

Backup -> Linux Computer -> Managed by backup server -> File Level Backup -> choose directorys to backup

/etc/hosts does not help since veeam is not trying to connect to a hostname (which i could change via /etc/hosts) but directly to an IP.

Is there no "veeam way" to get the above setup working? This would be my first test with a backup software that is not able to work via NAT.
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Backup (File) Server in DMZ

Post by wishr »

Veeam Agents including VAL do not support NAT because the agent should be "talking" directly with the backup server, unfortunately. Though, there are a few workarounds mentioned in the thread I linked above.

Thanks
sebkoe
Influencer
Posts: 14
Liked: 1 time
Joined: Aug 20, 2021 11:07 am
Full Name: Sebastian
Contact:

Re: Backup (File) Server in DMZ

Post by sebkoe » 1 person likes this post

thank you. The post you linked would be a great fix for this. In my opinion its pretty bad to not support nat (since it would be so easy to achieve). With Acronis its working exactly like explained in the Link. Use FQDN, then you can add host entries on the agents -> done
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Backup (File) Server in DMZ

Post by wishr »

Thank you for the feedback. We'll count it as another +1 for this feature request.
Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests