[Box Backup] bbstored/bbackupd communication ports

Robert Shaw boxbackup@fluffy.co.uk
Wed, 19 Jan 2005 15:53:18 -0800


On Jan 19, 2005, at 3:27 PM, Chris Wilson wrote:
>> 1. Open port 2201 on my router to allow homeserver:2201 access from 
>> the outside.
>> 2. ssh workserver -L 2201:homeserver:2201
>> 3. This works.
>
> Since you have to open port 2201, this would indicate that your 
> bbackupd is still connecting to homeserver. You need to reconfigure it 
> to connect to "localhost" instead. Otherwise you're not using the 
> tunnel you just created.

Not sure I understand your comment here. This method works fine. It 
looks like this:

[laptop]--[workserver]--{internet}--[homerouter]--[homeserver]
     |                                 ^      |       ^
     v                                 |      v       |
     port 2201 --------------> port 2201      port 2201

laptop# ssh workserver -L 2201:homerouter:2201

>> 1. Close port 2201 on my router to not allow homeserver:2201 access 
>> from outside.
>> 2. ssh workserver -L 8022:homeserver:22
>> 3. ssh -p 8022 laptop -L 2201:localhost:2201
>> 4. This does not work.
>
> This doesn't look correct to me. Does your network look something like 
> this?
>
>       [laptop]--[workserver]--{internet}--[homerouter]<--[homeserver]
>                                           |              ^
>                                           v              |
>                                           port 22------->port 22

The network looks like this:

[laptop]--[workserver]--{internet}--[homerouter]--[homeserver]
     |                                 ^      |       ^    ^
     v                                 |      v       |    |
     port 8022 ----------------> port 22       port 22     |
     |                                                     |
     v                                                     |
     port 2201 ----------------------------------> port 2201

laptop# ssh workserver -L 8022:homerouter:22
laptop# ssh localhost -p 8022 -L 2201:localhost:2201

I do the exact same thing for things like IMAP/SMTP, and it works just 
fine. Please note the second SSH actually is logging directly into 
homeserver, not my laptop (localhost). It's connecting to port 8022 on 
laptop, which is tied to port 22 on my homerouter, which is connected to 
port 22 on homeserver. Therefore, ssh -p 8022 localhost will connect 
directly into homeserver.

> If so, you probably want to do something like this, assuming that 
> homeserver doesn't have a public IP address, so it's not directly 
> reachable from workserver, BUT you have forwarded port 22 on 
> homerouter to homeserver:

This is true.

> 	laptop# ssh workserver -L 8022:homerouter:22
> 	laptop# ssh workserver -p 8022 -L 2201:localhost:2201

This is not correct. The port 8022 is forwarded to laptop, not to 
workserver. So the second SSH above will fail to connect. Please see 
mine above.

> then you should be able to telnet to port 2201 on laptop, and end up 
> connected to port 2201 on homeserver, without opening any ports on 
> homerouter except port 22 for SSH.

This is what I'm trying to do, and it works perfectly for all the other 
ports. I use this for IMAP and SMTP (although I forward them as 8025 -> 
25 and 8143 -> 143 and use the proper ports in my client). But it does 
work.

-Robert
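The disagreement above comes down to two resolution rules of ssh -L: the destination given on the ssh command line is resolved on the machine running ssh (so "localhost" there is the laptop), while the target of -L lport:thost:tport is opened by the sshd you land on (so "localhost" there is that server). The following small model is an added illustration, not code from this thread or from Box Backup. It uses the host names from the thread; the service table (sshd on workserver and homeserver, bbstored on homeserver:2201, the homerouter port-forward of 22 to homeserver, and optionally 2201) is constructed for the example.

```python
"""Model of ssh -L local port forwarding chains (constructed example).

Two rules explain the disagreement in the thread:
  * the ssh *destination* (`ssh -p 8022 HOST`) is resolved on the client
    running the command, so `localhost` there means the client itself;
  * the *target* of `-L lport:thost:tport` is resolved by the sshd you
    landed on, so `localhost` there means that server.
Host names are the thread's; the service and NAT tables are constructed.
"""

LOCAL = ("localhost", "127.0.0.1")


class Network:
    def __init__(self, services, router_forwards):
        self.services = dict(services)      # (host, port) -> daemon name
        self.nat = dict(router_forwards)    # (router, port) -> (host, port)
        self.tunnels = {}                   # (host, lport) -> resolved (host, port)

    def endpoint(self, client, host, port):
        """Follow a TCP connect from `client` to host:port to its real endpoint,
        through ssh -L listeners and router port-forwards."""
        if host in LOCAL:
            host = client
        seen = set()
        while (host, port) in self.tunnels or (host, port) in self.nat:
            if (host, port) in seen:
                raise RuntimeError(f"forwarding loop at {host}:{port}")
            seen.add((host, port))
            host, port = self.tunnels.get((host, port)) or self.nat[(host, port)]
        return host, port

    def service_at(self, client, host, port):
        """Daemon that answers when `client` connects to host:port (None = refused)."""
        return self.services.get(self.endpoint(client, host, port))

    def ssh(self, client, dest, port=22, forwards=()):
        """Simulate `client# ssh -p port dest -L lport:thost:tport ...`.
        Returns the host the session lands on; raises if no sshd answers."""
        server, sport = self.endpoint(client, dest, port)
        if self.services.get((server, sport)) != "sshd":
            raise ConnectionRefusedError(
                f"{client}: ssh {dest}:{port} -> {server}:{sport} refused")
        for lport, thost, tport in forwards:
            # the -L target is opened by sshd on `server`, so resolve it from there
            self.tunnels[(client, lport)] = self.endpoint(server, thost, tport)
        return server


def home_network(router_opens_2201=False):
    """Constructed network: homerouter forwards 22 to homeserver; 2201 optionally."""
    services = {("workserver", 22): "sshd",
                ("homeserver", 22): "sshd",
                ("homeserver", 2201): "bbstored"}
    nat = {("homerouter", 22): ("homeserver", 22)}
    if router_opens_2201:
        nat[("homerouter", 2201)] = ("homeserver", 2201)
    return Network(services, nat)


def robert_method_one():
    """Port 2201 opened on the router; one hop: ssh workserver -L 2201:homerouter:2201."""
    net = home_network(router_opens_2201=True)
    net.ssh("laptop", "workserver", forwards=[(2201, "homerouter", 2201)])
    return net.service_at("laptop", "localhost", 2201)


def robert_method_two():
    """Only port 22 open on the router; the second ssh goes to localhost:8022."""
    net = home_network()
    net.ssh("laptop", "workserver", forwards=[(8022, "homerouter", 22)])
    landed = net.ssh("laptop", "localhost", port=8022,
                     forwards=[(2201, "localhost", 2201)])
    return landed, net.service_at("laptop", "localhost", 2201)


def chris_suggestion():
    """Second ssh aimed at workserver:8022, where nothing is listening."""
    net = home_network()
    net.ssh("laptop", "workserver", forwards=[(8022, "homerouter", 22)])
    try:
        net.ssh("laptop", "workserver", port=8022,
                forwards=[(2201, "localhost", 2201)])
    except ConnectionRefusedError as err:
        return str(err)
    return "connected"


if __name__ == "__main__":
    print("method 1:", robert_method_one())
    print("method 2:", robert_method_two())
    print("chris   :", chris_suggestion())
```

Running it shows method two landing the second session on homeserver with bbstored reachable on laptop:2201 while the router exposes only port 22, and the variant aimed at workserver:8022 being refused because the 8022 listener lives on the laptop.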