Nethserver as Bacula client

As said above I want to backup Nethserver from a remote bacula backup server. I could successfully install the bacula client software on NS but I cannot connect from the bacula server to port 9102 on NS. The firewall blocks somewhere and I cannot get the firewall modified appropriately. Who can help?

Regards,
Ralph

Install the firewall ui, create a service network with the relevant name of bacula service and open the port

Else you can do it manually

https://docs.nethserver.org/projects/nethserver-devel/en/latest/services.html

I did that before. But when I telnet to NS 9102 I get “Connection refused”. In the firewall log I find "Shorewall:loc2fw:REJECT:IN=eth0 OUT= MAC=66:5e:02:46:2e:71:9a:00:22:84:1b:a6:08:00 SRC=192.168.x.x DST=192.168.y.y LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=39716 DF PROTO=TCP SPT=36954 DPT=9102 WINDOW=29200 RES=0x00 SYN URGP=0
Maybe I should add that NS is running as VM in a DMZ whereas the Bacula server sits in the LAN network. It looks like I did not hit the correct firewall rule.

Could you please disclose these addresses, @rasi ?
SRC=192.168.x.x DST=192.168.y.y
they should not harm security of your installation because these are private IPv4 addresses.
Also should be userful to know which zone/adapters are configured into NethServer, avoiding the public addresess disclosure.

SRC=192.168.2.x (Bacula Server) DST=192.168.6.x (NS in DMZ)

Please…

NethServer has only one adapter configured as green. Is that what you mean?

Thanks.
By NethServer perspective, 192.168.2.x is WAN/Red. Therefore, the service should be configured to allow connection from RED zone, like httpd-admin service use for the old management tool (NethGUI)


You should be able to edit zone access from threed-dots button at the end of the current “service rule” for Bacula-Client.

This assuming that firewall management is installed and without any rule…
Otherwise, any rule created/enforced on firewall could override the setting.