[Box Backup] bbstored/bbackupd communication ports

Robert Shaw boxbackup@fluffy.co.uk
Wed, 19 Jan 2005 16:25:05 -0800


Chris,

Never mind! I fixed it. I'm not exactly sure why this works, but the 
following works:

laptop# ssh workserver -L 8022:homerouter:22
laptop# ssh localhost -p 8022 -L 2201:homeserver:2201

For some reason the port forward going through port 8022 to homeserver 
does not like forwarding from 127.0.0.1, but will forward properly from 
the actual IP address instead. I was essentially doing this before:

laptop# ssh workserver -L 8022:homerouter:22
laptop# ssh localhost -p 8022 -L 2201:127.0.0.1:2201

but when I plug in the actual IP:

laptop# ssh workserver -L 8022:homerouter:22
laptop# ssh localhost -p 8022 -L 2201:192.168.123.456:2201

It works just fine. I wonder why my other port forwards work. I would 
have suspected they were broken as well. Maybe it's just the way 
boxbackup works that is causing it to not allow the port forwarded 
connection.

Anyway, thanks for the help on this.

-Robert


On Jan 19, 2005, at 3:53 PM, Robert Shaw wrote:

> On Jan 19, 2005, at 3:27 PM, Chris Wilson wrote:
>>> 1. Open port 2201 on my router to allow homeserver:2201 access from 
>>> the outside.
>>> 2. ssh workserver -L 2201:homeserver:2201
>>> 3. This works.
>>
>> Since you have to open port 2201, this would indicate that your 
>> bbackupd is still connecting to homeserver. You need to reconfigure 
>> it to connect to "localhost" instead. Otherwise you're not using the 
>> tunnel you just created.
>
> Not sure I understand your comment here. This method works fine. It 
> looks like this:
>
> [laptop]--[workserver]--{internet}--[homerouter]--[homeserver]
>     |                                 ^      |       ^
>     v                                 |      v       |
>     port 2201 --------------> port 2201      port 2201
>
> laptop# ssh workserver -L 2201:homerouter:2201
>
>>> 1. Close port 2201 on my router to not allow homeserver:2201 access 
>>> from outside.
>>> 2. ssh workserver -L 8022:homeserver:22
>>> 3. ssh -p 8022 laptop -L 2201:localhost:2201
>>> 4. This does not work.
>>
>> This doesn't look correct to me. Does your network look something 
>> like this?
>>
>> 	[laptop]--[workserver]--{internet}--[homerouter]<--[homeserver]
>> 					    |		   ^
>> 					    v		   |
>> 					    port 22------->port 22
>
> The network looks like this:
>
> [laptop]--[workserver]--{internet}--[homerouter]--[homeserver]
>     |                                 ^      |       ^    ^
>     v                                 |      v       |    |
>     port 8022 ----------------> port 22       port 22     |
>     |                                                     |
>     v                                                     |
>     port 2201 ----------------------------------> port 2201
>
> laptop# ssh workserver -L 8022:homerouter:22
> laptop# ssh localhost -p 8022 -L 2201:localhost:2201
>
> I do the exact same thing for things like IMAP/SMTP, and it works just 
> fine. Please note the second SSH actually is logging directly into 
> homeserver, not my laptop (localhost). It's connecting to port 8022 on 
> laptop which is tied to port 22 on my homerouter which is connected to 
> port 22 on homeserver. Therefore, SSH -p 8022 localhost will connect 
> directly into homeserver.
>
>> If so, you probably want to do something like this, assuming that 
>> homeserver doesn't have a public IP address, so it's not directly 
>> reachable from workserver, BUT you have forwarded port 22 on 
>> homerouter to homeserver:
>
> This is true.
>
>> 	laptop# ssh workserver -L 8022:homerouter:22
>> 	laptop# ssh workserver -p 8022 -L 2201:localhost:2201
>
> This is not correct. The port 8022 is forwarded to laptop, not to 
> workserver. So the second SSH above will fail to connect. Please see 
> mine above.
>
>> then you should be able to telnet to port 2201 on laptop, and end up 
>> connected to port 2201 on homeserver, without opening any ports on 
>> homerouter except port 22 for SSH.
>
> This is what I'm trying to do, and it works perfectly for all the 
> other ports. I use this for IMAP and SMTP (although I forward them as 
> 8025 -> 25 and 8143 -> 143 and use the proper ports in my client). But 
> it does work.
>
> -Robert
>
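
One possible cause of the difference between forwarding to 127.0.0.1:2201 and forwarding to the server's LAN address, shown as an added example that is not part of the original message: the destination in `ssh -L` is connected to from the far end of the SSH session, so a daemon bound only to the LAN address refuses connections aimed at loopback. That the store server was bound this way is an assumption the thread does not confirm; 127.0.0.2 stands in for the LAN address (this relies on Linux treating all of 127.0.0.0/8 as local), and the function names are hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"   # what "-L 2201:127.0.0.1:2201" asks the far end to dial
LAN_ADDR = "127.0.0.2"   # constructed stand-in for homeserver's LAN address


def start_listener(bind_addr):
    """Listen on bind_addr only, on an OS-chosen port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def can_connect(dest_addr, port, timeout=2.0):
    """Mimic the far end of an ssh -L forward: a plain TCP connect to
    dest_addr:port made from the SSH server's own network position."""
    try:
        with socket.create_connection((dest_addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def forward_targets(bind_addr, candidates=(LOOPBACK, LAN_ADDR)):
    """Start a daemon bound to bind_addr and report which forward
    destinations would reach it."""
    srv, port = start_listener(bind_addr)
    try:
        return {dest: can_connect(dest, port) for dest in candidates}
    finally:
        srv.close()


if __name__ == "__main__":
    # Daemon bound to one address: only that address is a usable -L destination.
    print("bound to LAN address only:", forward_targets(LAN_ADDR))
    # Daemon bound to all addresses: loopback and LAN address both work,
    # which is how most mail daemons behave by default.
    print("bound to 0.0.0.0:        ", forward_targets("0.0.0.0"))
```

On the real host, `netstat -an` (or `ss -ltn`) shows which local address a listening port is bound to, which tells you which destination to put in the forward.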