We are trying to commission a new Veeam hardened repository for off-site backups (Backup Copy jobs). we have put the server behind internal NAT (i.e. using a private IP not an internet IP) as we feel this will improve the security. Backup jobs work but Backup Copy jobs do not and I am getting the impression that NAT is the problem. The primary repository is trying to communicate with secondary with its ‘real’ IP rather than the NAT IP.
Can this be overcome?
Best answer by Mildur
If you are using a linux backup repo with NAT, you should configure the following setting. Could you check that configuration?
https://helpcenter.veeam.com/docs/backup/vsphere/linux_server_ssh.html?ver=110
[For the Linux server deployed outside NAT] In the Preferred TCP connection role section, select the Run server on this side check box. In the NAT scenario, the outside client cannot initiate a connection to the server on the NAT network. As a result, services that require initiation of the connection from outside can be disrupted. With this option selected, you will be able to overcome this limitation and initiate a ‘server-client’ connection — that is, a connection in the direction of the Linux server.
Is the repository added to your backup server?
We're u facing trouble while adding the repository
+12If you are using a linux backup repo with NAT, you should configure the following setting. Could you check that configuration?
https://helpcenter.veeam.com/docs/backup/vsphere/linux_server_ssh.html?ver=110
[For the Linux server deployed outside NAT] In the Preferred TCP connection role section, select the Run server on this side check box. In the NAT scenario, the outside client cannot initiate a connection to the server on the NAT network. As a result, services that require initiation of the connection from outside can be disrupted. With this option selected, you will be able to overcome this limitation and initiate a ‘server-client’ connection — that is, a connection in the direction of the Linux server.
+21If you are using a linux backup repo with NAT, you should configure the following setting. Could you check that configuration?
https://helpcenter.veeam.com/docs/backup/vsphere/linux_server_ssh.html?ver=110
[For the Linux server deployed outside NAT] In the Preferred TCP connection role section, select the Run server on this side check box. In the NAT scenario, the outside client cannot initiate a connection to the server on the NAT network. As a result, services that require initiation of the connection from outside can be disrupted. With this option selected, you will be able to overcome this limitation and initiate a ‘server-client’ connection — that is, a connection in the direction of the Linux server.
I believe Mildur has the right option here that should fix the NAT problem. Let us know if it does.
If you are using a linux backup repo with NAT, you should configure the following setting. Could you check that configuration? ...
I believe Mildur has the right option here that should fix the NAT problem. Let us know if it does.
Great, I will try this setting and report back.
+12Please do that :-)
+13Interesting topic! Didn’t know this!
+11If you are using a linux backup repo with NAT, you should configure the following setting. Could you check that configuration? ...
I believe Mildur has the right option here that should fix the NAT problem. Let us know if it does.
Great, I will try this setting and report back.
Please revert back and I hope this helps! If it does not, then I can suggest possible networking tips to help resolve this issue.
If you are using a linux backup repo with NAT, you should configure the following setting. Could you check that configuration?
https://helpcenter.veeam.com/docs/backup/vsphere/linux_server_ssh.html?ver=110
[For the Linux server deployed outside NAT] In the Preferred TCP connection role section, select the Run server on this side check box. In the NAT scenario, the outside client cannot initiate a connection to the server on the NAT network. As a result, services that require initiation of the connection from outside can be disrupted. With this option selected, you will be able to overcome this limitation and initiate a ‘server-client’ connection — that is, a connection in the direction of the Linux server.
Thank you for this. I have carried out this change and restarted the jobs. I think that it is working, and I have also created a firewall rule to allow traffic from the primary repository proxy to the secondary. It was not clear to me that this was needed.
+12Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
