Fri Jun 2 06:45:38 PDT 2006
- Previous message: [Slony1-general] How to use Slony with a server behind NAT
- Next message: [Slony1-general] Slony Constraints
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 6/2/2006 4:25 AM, Aaron Randall wrote: > Hi All, > > I have an issue with Slony replication. I have written a few small > scripts that generate and start Slony how I wish, using the IP addresses > I give for the nodes. This works fine, assuming that the servers are in > the same subnet, but how could I solve the issue of each host needing to > be able to access the other, when one of the nodes is behind NAT, so > cannot access its own address. > > Is there a way of adding something similar to the hosts file for IP > addresses, and so I could add a route for the NATted address to point > back to localhost on the box with NATing? Done that ... but not directly. To have the outside slon talk to the inside DB, you would have to configure the NATing firewall to forward the postmaster port to the DB server, which basically would let the firewall's external IP address appear like the DB server (bad idea security wise). What I do instead is to have the ssh port forwarded and sshd configured to accept pubkey authentication only (no login from the outside with password, you need to have the public keys installed in the servers authorized_keys2 file. With that in place, I start ssh with tunneling. That way, the remote postmaster behind the firewall will be available on another TCP/IP port on my local machine. A neat side effect is that ssh not only encrypts the whole traffic, but also can compress it. Jan -- #======================================================================# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #================================================== JanWieck at Yahoo.com #
- Previous message: [Slony1-general] How to use Slony with a server behind NAT
- Next message: [Slony1-general] Slony Constraints
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-general mailing list