I have been trying to do this for a couple of days. It worked at one point, but it was replicating in plaintext. Alternatively, what I am trying is to point the read only system to the master through SSH tunnels and setup replication through the standard SSL port. I had a very similar setup yesterday, but mixed in with my changes I lost it. It just wasn't using SSL. Eddie C wrote: > I have never gotten this suggestion to work but I did not try it much. > You can use Point to Point IP Sec tunneling. This will remove the SSH > layer. it will be more natural in terms of IP resolution and more > standard then making tunnels. > > Edward > > > On 1/10/07, *Patrick Morris* <patrick.morris at hp.com > <mailto:patrick.morris at hp.com>> wrote: > > On Wed, 10 Jan 2007, Nathaniel Hall wrote: > > > I have a master directory server behind a firewall that uses > NAT. I > > want to place a read only server behind a different > firewall. The new > > server does have a public IP address. Here is my setup: > > > > Master <--> Firewall (NAT) <--> Internet <--> Firewall <--> > Read-Only > > > > My initial thought was to write a script (All done and works) > that SSHs > > to the RO server and creates local and remote SSH tunnels. That > would > > allow me to point the servers to localhost on specific ports so > that > > they would get redirect appropriately and securely. Right now I am > > having problems getting them work the way I want them to. I had it > > partially working yesterday, but they were synchronizing like a > normal > > system (out of SSH, over port 389). > > > > Does anybody have any ideas how this should be done securely? It is > > going over the Internet, so security is a must. > > I've had decent luck using stunnel for this sort of thing. I've > found > it to work a lot more reliably than SSH tunnels. >
