cancel
Showing results for 
Search instead for 
Did you mean: 

Failure to connect NBU client in DMZ through NAT

Mike_Tang
Level 4
Certified

Hello all,

I have installed NBU 7.1 WIN client in windows web servers in DMZ. They are connected to the master/media server in trust zone through NAT. 

However, try to connect them failed in Netbackup Management Console.

Error(46): server not allowed access.

 

I have added NAT addresses in the local host as below.

Web Server

CSBAU003 y.y.y.y # NAT address map to the IP address of Master/Media Server in trust zone

Master/Media Server

CSWES002 x.x.x.x  # NAT address map to the IP address of web server in DMZ

And now NAT firewall is open through all ports during pre-production.

 

Have you any idea?

Thanks,

Mike

1 ACCEPTED SOLUTION

Accepted Solutions

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

"Error(46): server not allowed access." Create bpcd log folder on client. Try to connect again. Check bpcd log on client. Look for 'connection from 'IP-address'. Add this IP address to client's hosts file for master server name.

View solution in original post

4 REPLIES 4

Alexis_Gonzalo_
Level 4

NAT is not supported by NetBackup:

Quote from http://www.symantec.com/docs/TECH15006: Some NetBackup operations may appear to function correctly when using NAT or PAT.  But functionality is limited, the authenticity of a remote host and therefore data security is not guaranteed, and attempts to work-around NAT may expose critical host information.  Therefore, support is not extended to these environments.

Anyway, I once made backups and restores from a web server in a DMZ with NAT. Say, the Master Server was called "nb-master" and had the IP 1.2.3.4. If you made a connection from the Master Server to the web server, the web server would believe your IP was 1.2.3.5, which was actually the IP of the router (or default gateway). SO, what we did was putting the following data in the hosts table in the web server:

1.2.3.4 nb-master

1.2.3.5 nb-master

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

"Error(46): server not allowed access." Create bpcd log folder on client. Try to connect again. Check bpcd log on client. Look for 'connection from 'IP-address'. Add this IP address to client's hosts file for master server name.

Mike_Tang
Level 4
Certified

The following is the output of bptestbpcd from master server (CSBAU003) to client (CSWES002).

 

C:\Program Files\Veritas\NetBackup\bin\admincmd>bptestbpcd.exe -client cswes002
-verbose -debug
20:09:12.605 [3132.12148] <2> bptestbpcd: VERBOSE = 0
20:09:12.606 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
635: 0: fopen() failed: 2 0x00000002
20:09:12.606 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
636: 0: fopen() failed: C:\Program Files\Veritas\NetBackup\var\host_cache\0c9\51
ff62c9+0,1,2,0,1,0+cswes002.txt
20:09:12.615 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
635: 0: fopen() failed: 2 0x00000002
20:09:12.616 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
636: 0: fopen() failed: C:\Program Files\Veritas\NetBackup\var\host_cache\0c9\51
ff62c9+veritas_pbx,1,0,2,1,0+cswes002.txt
20:09:12.619 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
635: 0: fopen() failed: 2 0x00000002
20:09:12.619 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
636: 0: fopen() failed: C:\Program Files\Veritas\NetBackup\var\host_cache\0fb\1c
7476fb+0,1,2,0,1,0+192.168.1.14.txt
20:09:12.622 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
635: 0: fopen() failed: 2 0x00000002
20:09:12.623 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
636: 0: fopen() failed: C:\Program Files\Veritas\NetBackup\var\host_cache\0c9\51
ff62c9+vnetd,1,0,2,1,0+cswes002.txt
20:09:12.626 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
635: 0: fopen() failed: 2 0x00000002
20:09:12.627 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
636: 0: fopen() failed: C:\Program Files\Veritas\NetBackup\var\host_cache\0c9\51
ff62c9+bpcd,1,0,2,1,0+cswes002.txt
20:09:12.634 [3132.12148] <2> vnet_pbxConnect: pbxConnectEx Succeeded
20:09:12.635 [3132.12148] <2> logconnections: BPCD CONNECT FROM 172.21.11.166.50
821 TO 192.168.1.14.1556 fd = 616
20:09:12.636 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
635: 0: fopen() failed: 2 0x00000002
20:09:12.637 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
636: 0: fopen() failed: C:\Program Files\Veritas\NetBackup\var\host_cache\0fb\1c
7476fb+veritas_pbx,1,0,2,1,0+192.168.1.14.txt
20:09:12.641 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
635: 0: fopen() failed: 2 0x00000002
20:09:12.641 [3132.12148] <2> file_to_addrinfo: ../../libvlibs/vnet_addrinfo.c.6
636: 0: fopen() failed: C:\Program Files\Veritas\NetBackup\var\host_cache\0fb\1c
7476fb+vnetd,1,0,2,1,0+192.168.1.14.txt
20:09:12.648 [3132.12148] <2> vnet_pbxConnect: pbxConnectEx Succeeded
20:09:12.684 [3132.12148] <2> do_pbx_service: ../../libvlibs/vnet_connect.c.1776
: 0: via PBX: VNETD CONNECT FROM 172.21.11.166.50825 TO 192.168.1.14.1556 fd = 6
32
20:09:12.687 [3132.12148] <2> vnet_vnetd_connect_forward_socket_begin: ../../lib
vlibs/vnet_vnetd.c.445: 0: VN_REQUEST_CONNECT_FORWARD_SOCKET: 10 0x0000000a
20:09:12.889 [3132.12148] <2> vnet_vnetd_connect_forward_socket_begin: ../../lib
vlibs/vnet_vnetd.c.462: 0: ipc_string: 59777
20:09:29.553 [3132.12148] <2> ConnectToBPCD: bpcd_connect_and_verify(cswes002, c
swes002) failed: 46
<16>bptestbpcd main: Function ConnectToBPCD(cswes002) failed: 46
20:09:29.555 [3132.12148] <16> bptestbpcd main: Function ConnectToBPCD(cswes002)
 failed: 46
<2>bptestbpcd: server not allowed access
20:09:29.556 [3132.12148] <2> bptestbpcd: server not allowed access
<2>bptestbpcd: EXIT status = 46
20:09:29.557 [3132.12148] <2> bptestbpcd: EXIT status = 46
server not allowed access

Mike_Tang
Level 4
Certified

Marianne,

I have added the NAT Proxy IP for master server in client local host file. Master server can connect to this NAT client.

I learn one more thing!

Thanks for your hints!

Mike