Request: Linux Agent backup to remote B&R behind NAT FW

Backup agent for Linux servers and workstations on-premises or in the public cloud

Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby emilec » Thu Mar 02, 2017 6:16 am 1 person likes this post

I have an open case with support: #02079118. They have suggested I post here as a feature request

Essentially what I'd like to do is use the Agent for Linux to backup to a remote B&R server that sits behind a firewall. I have setup all the correct port forwarding but for some reason after the initial setup of the job the actual backup attempts to talk to the internal IP of the B&R server. This can be seen in the logs as follows:

Code: Select all
[23.02.2017 08:12:15] <140268905989888> lpbcore|   Starting backup client for agent with UID [{0ac9a604-240f-4a31-901a-526c86796e24}]. Client id: [1ee5]
[23.02.2017 08:12:15] <140268905989888> lpbcore|     IP endpoints: [10.2.1.11:2502].
[23.02.2017 08:12:15] <140268905989888>        |     Trying to connect to the endpoint [10.2.1.11:2502]
[23.02.2017 08:13:18] <140268905989888>        |   Connection status: system:110 ( Connection timed out ).
[23.02.2017 08:13:18] <140268905989888> lpbcore|   Starting backup client for agent with UID [{0ac9a604-240f-4a31-901a-526c86796e24}]. Client id: [1ee5] Failed.
[23.02.2017 08:13:20] <140268905989888> lpbcore| BackupJobPerformer: Creating backup. Failed.
[23.02.2017 08:13:21] <140268905994080> lpbcore| LpbManSession: Processing commands. ok.
[23.02.2017 08:13:21] <140268905989888> lpbcore| ERR |Job has failed.
[23.02.2017 08:13:21] <140268905989888> lpbcore| >>  |Failed to connect to the port [10.2.1.11:2502].
[23.02.2017 08:13:21] <140268905989888> lpbcore| >>  |--tr:Failed to connect to target endpoint.
[23.02.2017 08:13:21] <140268905989888> lpbcore| >>  |--tr:Unable to connect to agent endpoint.
[23.02.2017 08:13:21] <140268905989888> lpbcore| >>  |Backup job has failed.
[23.02.2017 08:13:21] <140268905989888> lpbcore| >>  |An exception was thrown from thread [140268905989888].
 


In simplistic terms the infrastructure is as follows:
CentOS Server with Agent -> FW (NAT) -> internet -> FW (NAT) -> B&R 9.5U1 (Server and Repo on one box)

This setup works for B&R to remote B&R, so would be nice to be able to do the same with the Agent.
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm

Re: Request: Linux Agent backup to remote B&R behing NAT FW

Veeam Logoby emilec » Thu Mar 02, 2017 6:22 am

Would a mod please fix my typo. I don't appear to have rights to edit my post.

Edit: I now suddenly have edit rights :D
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm

Re: Request: Linux Agent backup to remote B&R behing NAT FW

Veeam Logoby Mike Resseler » Thu Mar 02, 2017 6:30 am

Hi,

What do you want to change? I am overlooking it (I need more coffee :-)). Don't worry too much about a typo by the way :-D

For your feature request. I will leave this to Pavel who can look into it
Mike Resseler
Veeam Software
 
Posts: 3381
Liked: 384 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: Request: Linux Agent backup to remote B&R behing NAT FW

Veeam Logoby emilec » Thu Mar 02, 2017 6:33 am

For some reason the agent ignores the external IP (in this case a hostname) used in the backup job creation, during the backup process. Instead when the job starts it wants to connect to the internal IP of the B&R server. This indicates there must be some sort of communication taking place because how else would it know what the internal IP is?

Edit: Maybe I need more coffee? Are you commenting on the feature I want to change or the typo?
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby PTide » Thu Mar 02, 2017 9:06 am

Hi,

Just one question - do you have your repo on the same server where VBR resides at? Also did you specify an IP, or hostname on the VBR configuration step in VAL?

Please also check this post for a workaround.

Thanks
PTide
Veeam Software
 
Posts: 3230
Liked: 269 times
Joined: Tue May 19, 2015 1:46 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby SFalk » Thu Mar 02, 2017 10:02 am

Hi there,

the missing NAT-support is the last showstopper for us to use the agent on our remote hosts (and finally remove the other crappy backup-products).
Would it be possible to add it as feature-request?

Thanks
SFalk
Lurker
 
Posts: 2
Liked: never
Joined: Mon Oct 21, 2013 12:32 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby emilec » Thu Mar 02, 2017 2:58 pm

PTide wrote:Hi,

Just one question - do you have your repo on the same server where VBR resides at? Also did you specify an IP, or hostname on the VBR configuration step in VAL?

Repo and VBR are on the same box. I used a hostname. The hostname resolves correctly to the external IP. You suggesting I rather just try the external IP? I didn't try that actually.

PTide wrote:Please also check this post for a workaround.

Nice hack, but not for me thanks.
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby emilec » Thu Mar 02, 2017 3:03 pm

Using the external IP rather than the hostname results in the same problem. VAL wants to talk to the internal IP.
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby PTide » Thu Mar 02, 2017 6:19 pm

Would it be possible to add it as feature-request?
Sure, feature request has been noted. :)

@emilec

If got it right, your vbr server has an external IP (the one that you've specified in VAL) and an internal IP (the one that VAL is attempting to contact). Is that's the case?
PTide
Veeam Software
 
Posts: 3230
Liked: 269 times
Joined: Tue May 19, 2015 1:46 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby tsightler » Thu Mar 02, 2017 9:26 pm

As a very hackish workaround you can follow my instructions here which will allow this:

https://drive.google.com/file/d/0B8s_Em ... hKNVk/view

This involves adding a secondary IP for the repo that matches your public IP address, then adding the repo, by that IP, to the VBR server. This effectively fools the VBR server into thinking that the public IP is the address of the repo and that's the address it sends to the client to connect.
tsightler
Veeam Software
 
Posts: 4872
Liked: 1819 times
Joined: Fri Jun 05, 2009 12:57 pm
Full Name: Tom Sightler

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby emilec » Fri Mar 03, 2017 6:12 am

PTide wrote:If got it right, your vbr server has an external IP (the one that you've specified in VAL) and an internal IP (the one that VAL is attempting to contact). Is that's the case?


Yes.

In simplistic terms the infrastructure is as follows:
CentOS Server with Agent -> FW (NAT) -> internet -> FW (NAT) -> B&R 9.5U1 (Server and Repo on one box)
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby emilec » Fri Mar 03, 2017 6:14 am

tsightler wrote:As a very hackish workaround you can follow my instructions here which will allow this:

https://drive.google.com/file/d/0B8s_Em ... hKNVk/view

This involves adding a secondary IP for the repo that matches your public IP address, then adding the repo, by that IP, to the VBR server. This effectively fools the VBR server into thinking that the public IP is the address of the repo and that's the address it sends to the client to connect.


Thanks. I did see that, but I'm not changing a working production service to accommodate:
1) My VAL testing
2) A missing feature / bug (IMHO)
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby PTide » Fri Mar 03, 2017 9:19 am

I recollect that there is a very similar issue with Endpoint. I guess that if a secondary IP is added then VBR will return two IPs resulting in the same behaviour.
PTide
Veeam Software
 
Posts: 3230
Liked: 269 times
Joined: Tue May 19, 2015 1:46 pm

Re: Request: Linux Agent backup to remote B&R behind NAT FW

Veeam Logoby emilec » Fri Mar 03, 2017 9:31 am

PTide wrote:I recollect that there is a very similar issue with Endpoint. I guess that if a secondary IP is added then VBR will return two IPs resulting in the same behaviour.


In my case the host only has one IP, which is the internal one.
emilec
Enthusiast
 
Posts: 31
Liked: 21 times
Joined: Sun May 11, 2014 5:03 pm


Return to Veeam Agent for Linux



Who is online

Users browsing this forum: No registered users and 1 guest