Backup Your Network with Bacula


Adding a director to bacula-client under pfSense 2.1.3.

Bacula is an open source, enterprise-level computer backup system for heterogeneous networks. It is designed to automate backup tasks that had often required intervention from a systems administrator. Bacula supports Linux, UNIX, Windows and Mac OS X backup clients, although here we are mainly concerned with the Bacula package running under pfSense. It also supports a range of professional backup devices, including tape libraries. Administrators and operators can configure Bacula via a command-line console, GUI or web interface. Its backend is a catalog of information stored by MySQL, PostgreSQL, or SQLite. Bacula is the collective work of many developers, including Kern Sibbald, and has been under development for fourteen years as of this writing. It is open source and is available without fees for both commercial and non-commercial applications, under the AGPL version 3 license, with exceptions to permit linking with OpenSSL and distributing Windows binaries.

Bacula Backup: Installation and Configuration

The Bacula server has to be installed separately. Depending on which platform/operating system you are using, you may have to compile Bacula, although Bacula seems to be present in the Red Hat Enterprise Linux (RHEL) and CentOS repositories. To install the Bacula client under pfSense, navigate to System -> Packages, and scroll down to bacula-client on the package list. Press the “plus” button to the right of the entry, and press “Confirm” to confirm installation. Installation of Bacula should not take long.

Once installation is complete, there will be a new entry under the “Services” directory called “Bacula-client“. The configuration files for Bacula will not be generated until you have saved a configuration change. To understand the configuration options, it helps to understand the architecture of Bacula.

Bacula is made up of the following five major components or services: Director, Console, File, Storage, Catalog and Monitor services:

  • Director: The director service is the program that supervises all the backup, restore, verify and archive operations. The system administrator uses the director to schedule backups and to recover files. The director runs as a daemon in the background.
  • Console: The console service is the program that allows the administrator or user to communicate with the director. Currently, the console is available in three versions: text-based console interface, QT-based interface, and a wxWidgets graphical interface. The simplest is to run the Console program in a shell window. Most system administrators will find this completely adequate. The GNOME GUI interface is not yet complete, but has most of the capabilities of the of the shell console. the third version is a vxWidgets GUI with an interactive file restore.
  • File: The file service is the software program that is installed on the machine to be backed up. The file services are also responsible for the file system dependent part of restoring the file attributes and data during a recovery operation.
  • Storage: The storage services consist of the software programs that perform the storage and recovery of the file attributes and data to the physical backup media or volumes. In other words, the storage daemon is responsible for reading and writing your tapes or other storage media.
  • Catalog: The catalog services are comprised of the software programs responsible for the maintaining the file indexes and volume databases for all files backed up. Bacula currently supports three different databases: MySQL, PostgreSQL, and SQLite.
  • Monitor: The monitor service is the program that allows the administrator or user to watch the current status of Bacula directors, file daemons, and storage daemons. Currently, only a GTK+ version is available.

If you navigate to Services -> Bacula-client, there are three tabs: “Directors“, “FileDaemon“, and “View Configuration“. The first tab, “Directors“, enables you to add directors by pressing the “plus” button on the right side. You can specify the “Director Name” and provide a description in the “Description” field. You need to supply a password at “Password“, and at the “Director type” dropdown box, you can select the director attributes. “Director” just specifies that it is a director. “Local” causes the Monitor attribute in bacula-fd.conf to be set to “yes” and the director attribute in the Messages section of bacula-fd.conf to be set to this director. Setting the director type to monitor causes the Monitor attribute to be set to “yes“, but leaves the director attribute unchanged.

On the “FileDaemon” tab, there are currently only two settings: “File Daemon port” (the default is 9102), and “Maximum Concurrent Jobs” (the default is 20). The Volume format becomes more complicated with multiple simultaneous jobs; consequently, restores may take longer if Bacula must sort through interleaved volume blocks from multiple simultaneous jobs. Thus, you should probably leave “Maximum Concurrent Jobs” set to 20 unless you have a specific reason otherwise. Finally, “View configuration” allows you to view (but not alter) the bacula-fd.conf file.

External Links:

The official Bacula web site

Bacula on Wikipedia

pfSense Backup and Restore

Backing up your pfSense configuration files is a crucial task, both in order to restore the configuration after a system failure and to recover data from an earlier time. Fortunately, pfSense makes the process easy. pfSense backup configuration files are stored in a plain text XML format by default, but it also gives the user an option to encrypt them.

pfSense Backup in a Few Easy Steps

pfSense Backup

Backup configuration options in pfSense 2.0.

To backup the configuration files, first navigate to Diagnostics -> Backup/restore and from there, select the Backup/Restore tab. At “Backup area“, you will see a drop-down box showing all the configuration areas you can back up. Leave it as “ALL” to backup all files. Leave “Do not backup package information” unchecked if you do not want to backup package information. The next check box is “Encrypt the configuration file“; check this if you want to encrypt the backup (you will have to enter the password twice in the edit boxes below if this is selected). Leave “Do not back up RRD checked” unless you want to backup the round robin database (it can be over 4 MB in size). Press the “Download configuration” button and save the file to a safe location. Your pfSense backup is now complete.

Now, the configuration info will be stored in a single XML file. Some passwords, however, will be stored in plain text. If this is a problem, you can always encrypt the file with the “Encrypt this configuration file” option.

Automating Your pfSense Backup

You’re probably wondering if the backup process can be automated. As it happens, there is a package called “AutoConfigBackup” that enables you to automate backups, but it is only available for paying pfSense customers with a Premium support contract. However, Koen Zomers has created his own command line backup automation tool for Windows, which is quite easy to use (remember to use the -v 2.0 option when backing up a pfSense 2.0 configuration file). You can use this in conjunction with the AT command to fully automate the process. For example:

at 20:00 /every:M,T,W,Th,F,S,Su pfSenseBackup.exe -u admin -p password -s -o c:\backup.xml -v 2.0

will backup the config file of the pfSense router at to the C drive at 8:00 PM every day.

If you don’t use Windows or don’t want to use this utility, you can still automatically make a backup. When a change is made in pfSense, a backup of the configuration file is stored in /cf/conf/backup. You could create a script to run as a cron job on the pfSense system to copy this file to a remote system, or you could run a script on the remote system which could download the files.

Restoring from a Backup

You can also restore pfSense’s configuration from a backup. From the same tab under “Restore Configuration“, choose a restore area from the dropdown box, click on the “Choose” button to launch the file dialog box and select a backup configuration file. Press the “Open” button to close out the file dialog box. Click the “Configuration file is encrypted” check box if the file is encrypted (you will have to specify a password), and press the “Restore configuration” button. pfSense will reboot after “Restore configuration” is pressed.

External Links:

Configuration Backup and Restore at

How to automate pfSense backup, where you can download Koen Zomer’s pfSense backup tool.

Remote Config pfSense Backup at – information on how to use the Auto Config Backup package, but you need a paid subscription to use it.

How to Backup and Restore Configurations in pfSense 2.0

© 2013 David Zientara. All rights reserved. Privacy Policy