daemon or client, and SD the Storage daemon. The numbers that follow those
names are the standard ports used by Bacula, and the -\gt{} represents the
left side making a connection to the right side (i.e. the right side is the
-``server'' or is listening on the specified port), and the left side is the
-``client'' who initiates the conversation.
+"server" or is listening on the specified port), and the left side is the
+"client" who initiates the conversation.
Note, port 9103 serves both the Director and the File daemon, each having its
own independent connection.
firewall.mydomain.tld:9103 MUST be forwarded using the firewall's
configuration software to server.int.mydomain.tld:9103. Some firewalls call
this 'Server Publication'. Others may call it 'Port Forwarding'.
+
+\subsubsection*{Firewall Problems}
+\index[general]{Firewall Problems}
+\index[general]{Problems!Firewalls}
+\addcontentsline{toc}{subsubsection}{Firewall Problems}
+Either a firewall or a router may decide to timeout and terminate
+open connections if they are not active for a short time. By Internet
+standards the period should be two hours, and should be indefinitely
+extended if KEEPALIVE is set as is the case by Bacula. If your firewall
+or router does not respect these rules, you may find Bacula connections
+terminated. In that case, the first thing to try is turning on the
+{\bf Heart Beat Interval} both in the File daemon and the Storage daemon
+and set an interval of say five minutes.
+
+Also, if you have denial of service rate limiting in your firewall, this
+too can cause Bacula disconnects since Bacula can at times use very high
+access rates. To avoid this, you should implement default accept
+rules for the Bacula ports involved before the rate limiting rules.
+
+Finally, if you have a Windows machine, it will most likely by default
+disallow connections to the Bacula Windows File daemon. See the
+Windows chapter of this manual for additional details.
projects / bacula / docs / blobdiff