I have been trying to do this for a couple of days. It worked at one
point, but it was replicating in plaintext. Alternatively, what I am
trying is to point the read-only system to the master through SSH
tunnels and set up replication through the standard SSL port. I had a
very similar setup yesterday, but mixed in with my changes I lost it.
It just wasn't using SSL.
Eddie C wrote:
I have never gotten this suggestion to work but I did not try it
much.
You can use Point to Point IPsec tunneling. This will remove the SSH
layer. It will be more natural in terms of IP resolution and more
standard than making tunnels.
Edward
On 1/10/07, Patrick Morris <patrick.morris(a)hp.com> wrote:
On Wed, 10 Jan 2007, Nathaniel Hall wrote:
> I have a master directory server behind a firewall that uses NAT. I
> want to place a read only server behind a different firewall. The new
> server does have a public IP address. Here is my setup:
>
> Master <--> Firewall (NAT) <--> Internet <--> Firewall <--> Read-Only
>
> My initial thought was to write a script (All done and works) that SSHs
> to the RO server and creates local and remote SSH tunnels. That would
> allow me to point the servers to localhost on specific ports so that
> they would get redirected appropriately and securely. Right now I am
> having problems getting them to work the way I want them to. I had it
> partially working yesterday, but they were synchronizing like a normal
> system (out of SSH, over port 389).
>
> Does anybody have any ideas how this should be done securely? It is
> going over the Internet, so security is a must.
I've had decent luck using stunnel for this sort of thing. I've found
it to work a lot more reliably than SSH tunnels.