[Fedora-directory-users] FDS behind NATed firewall
Nathaniel Hall
lists at spider-security.net
Wed Jan 10 21:40:44 UTC 2007
I have been trying to do this for a couple of days. It worked at one
point, but it was replicating in plaintext. Alternatively, what I am
trying is to point the read-only system to the master through SSH
tunnels and set up replication through the standard SSL port. I had a
very similar setup yesterday, but mixed in with my changes I lost it.
It just wasn't using SSL.
Eddie C wrote:
> I have never gotten this suggestion to work but I did not try it much.
> You can use Point to Point IPsec tunneling. This will remove the SSH
> layer. It will be more natural in terms of IP resolution and more
> standard than making tunnels.
>
> Edward
>
>
> On 1/10/07, Patrick Morris <patrick.morris at hp.com> wrote:
>
> On Wed, 10 Jan 2007, Nathaniel Hall wrote:
>
> > I have a master directory server behind a firewall that uses NAT. I
> > want to place a read only server behind a different firewall. The new
> > server does have a public IP address. Here is my setup:
> >
> > Master <--> Firewall (NAT) <--> Internet <--> Firewall <--> Read-Only
> >
> > My initial thought was to write a script (All done and works) that SSHs
> > to the RO server and creates local and remote SSH tunnels. That would
> > allow me to point the servers to localhost on specific ports so that
> > they would get redirected appropriately and securely. Right now I am
> > having problems getting them to work the way I want them to. I had it
> > partially working yesterday, but they were synchronizing like a normal
> > system (out of SSH, over port 389).
> >
> > Does anybody have any ideas how this should be done securely? It is
> > going over the Internet, so security is a must.
>
> I've had decent luck using stunnel for this sort of thing. I've found
> it to work a lot more reliably than SSH tunnels.
>
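A check for the failure described in this thread (replication going direct over port 389 instead of through the tunnel), as an added example that is not part of the original posts: it reads replication agreement entries exported as LDIF and flags any that do not point at a local tunnel endpoint over SSL. The attribute names are Fedora DS replication agreement attributes; the DNs, the host name and port 6636 are constructed, and treating a missing transport attribute as plaintext is an assumption.

```python
LOOPBACK = {"localhost", "127.0.0.1", "::1"}   # where a local tunnel listens

def parse_ldif(text):
    """Split LDIF into entries: a list of {lowercased attr: [values]} dicts."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, split entries
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit_agreements(ldif_text, plaintext_port=389):
    """Return (dn, problem) pairs for agreements that bypass the tunnel or SSL."""
    findings = []
    for e in parse_ldif(ldif_text):
        if "nsds5replicationagreement" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        dn = e.get("dn", ["?"])[0]
        host = e.get("nsds5replicahost", [""])[0]
        port = int(e.get("nsds5replicaport", ["0"])[0])
        # Assumption: a missing transport attribute is treated as plaintext LDAP.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        if host.lower() not in LOOPBACK:
            findings.append((dn, "host %s is not a local tunnel endpoint" % host))
        if port == plaintext_port:
            findings.append((dn, "port %d is the plaintext LDAP port" % port))
        if transport not in ("SSL", "TLS"):
            findings.append((dn, "transport %s is unencrypted" % transport))
    return findings

# Constructed sample: one agreement through a tunnel, one going direct.
SAMPLE = """\
dn: cn=via-tunnel,cn=replica,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: localhost
nsDS5ReplicaPort: 6636
nsDS5ReplicaTransportInfo: SSL

dn: cn=direct,cn=replica,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: ro.example.net
nsDS5ReplicaPort: 389
"""
for dn, problem in audit_agreements(SAMPLE):     # demo run on the sample
    print(dn, "->", problem)
```

An empty result only shows that the agreements are configured to use the tunnel; confirming that nothing actually leaves on port 389 still needs a look at the live connections.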