[Leaplist] duplicity recommendation - with a twist

John Simpson jms1 at jms1.net
Mon Jan 14 08:47:50 GMT 2008 

On 2008-01-13, at 1340, Chris wrote:
> John Simpson wrote:
>>
>> no... i'm using rsync within ssh. http://www.jms1.net/code/rsync-backup.shtml 
>>   has the details. (this page has been sitting there, half- 
>> written,  for months... your question prompted me to finally finish  
>> it. thank  you.)
>
> Thanks for the writeup - coincidently, I'm trying to solve a similar
> problem this weekend, but I have one additional complexity - a
> firewall.
>
> Looks like this:
> LocalLinux<--->RemoteBSDFirewall<--->ServerBehindFirewall
>
> I need to back up ServerBehindFirewall to LocalLinux, but I
> haven't figured out how to slide ssh through RemoteBSDFirwall.

can't help much with BSD... if it were running ipcop, you could create  
a port forwarding (from external port "something other than 22" to  
port 22 on the server you wish to back up) and an external access rule  
(for port "something other than 22"), and be done with it. the same  
forwarding rule would allow not only backups, but remote SSH access to  
the server for administrative purposes.

and i mention "something other than 22" because there are ankle-biters  
out there who scan entire blocks of IP space, trying port 22 on every  
IP. if your SSH service is running on some other port, they will miss  
you entirely... which is why ipcop itself uses a non-standard port  
number (222) for ssh access.

the same idea should apply to BSD as well... i just can't give you the  
exact commands you would need to type in, because i don't know them.  
there are some BSD people on the list, if they aren't ignoring this  
thread already, they'll probably jump in and tell you how to do it.  
i'm guessing it will involve "ipfw", but don't hold me to that.

----------------------------------------------------------------
| John M. Simpson    ---   KG4ZOW   ---    Programmer At Large |
| http://www.jms1.net/                         <jms1 at jms1.net> |
----------------------------------------------------------------
| http://video.google.com/videoplay?docid=-1656880303867390173 |
----------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.leap-cf.org/pipermail/leaplist/attachments/20080114/726cdf41/PGP.bin

More information about the Leaplist mailing list