I have never gotten this suggestion to work but I did not try it much. You can use Point to Point IP Sec tunneling. This will remove the SSH layer. it will be more natural in terms of IP resolution and more standard then making tunnels.

 

Edward

 

On 1/10/07, Patrick Morris <patrick.morris@hp.com> wrote:

On Wed, 10 Jan 2007, Nathaniel Hall wrote:

> I have a master directory server behind a firewall that uses NAT.  I
> want to place a read only server behind a different firewall.  The new
> server does have a public IP address.  Here is my setup:
>
> Master <--> Firewall (NAT) <--> Internet <--> Firewall <--> Read-Only
>
> My initial thought was to write a script (All done and works) that SSHs
> to the RO server and creates local and remote SSH tunnels.  That would
> allow me to point the servers to localhost on specific ports so that
> they would get redirect appropriately and securely.  Right now I am
> having problems getting them work the way I want them to.  I had it
> partially working yesterday, but they were synchronizing like a normal
> system (out of SSH, over port 389).
>
> Does anybody have any ideas how this should be done securely?  It is
> going over the Internet, so security is a must.

I've had decent luck using stunnel for this sort of thing.  I've found
it to work a lot more reliably than SSH tunnels.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users