David Christensen wrote:
> On 03/22/2017 03:35 AM, Dan Purgert wrote:
>> David Christensen wrote:
>>> On 03/17/2017 03:31 AM, Dan Purgert wrote:
>>>> David Christensen wrote:
>>>>> On 03/13/2017 05:38 AM, Dan Purgert wrote:
>>>>> [...]
>>>
>>> I should clarify that:
>>>
>>> "The backup server can be firewalled with no incoming ports and
>>> outgoing ports limited to SSH and other required ports".
>>>
>>>
>>> I still need to figure out the "other required outgoing ports".
>>> Suggestions and comments are welcome.
>>
>> Unfortunately, pretty much "all ephemeral ports", if the server is
>> running things that initiate connections. Some programs allow you to
>> specify what ports they're connecting from, but not all.
>
> I run ntpd on all my machines. So, ports 123/tcp and 123/udp need to be
> open for ongoing connections:

Good point, that :). I was just making a comment about "other required
outgoing ports" (as many things just use an ephemeral port to initiate a
connection, rather than a defined port, as with ntp).

> [...]
>> VPN could work, but SSH into a jumpbox works just as well.
>>
>> The push script checks /etc/resolv.conf for the local domain, if it's
>> mine, then backup to the backup-server directly.
>>
>> If it's not mine, backup "critical files" to the jumpbox (which, in turn
>> is backed up to the backup-server). It's quite a bit smaller than the
>> full backups that're performed at home - just $HOME/vacation.
>
> So, you have a static IP (or dynamic DNS) for your home Internet
> connection, you have your home gateway configured to allow incoming SSH
> connections and direct them to an internal host "jumpbox", and your
> laptop has a backup script that detects whether the laptop is on your
> LAN or on the Internet. If on the LAN, the backup script exits and
> waits for the backup server to pull a complete backup. If on the
> Internet, the backup script pushes critical files over SSH to a
> receiving directory on "jumpbox" (?).

Close enough - the script on the laptops just switches between "rsync
everything to backup-server, because you're at home" and "rsync only the
'vacation' folder to jumpbox, because you're not"

--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
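
Added example, not part of the original message and not Dan Purgert's actual script: one way to implement the location check described above, where the laptop reads the domain from /etc/resolv.conf and chooses between backup-server and jumpbox. The home domain "home.example", the destination directories and the SSH options are assumptions. Since resolv.conf is normally filled in from DHCP, strict host key checking is what stops a foreign network that advertises the home domain from receiving the data.

```sh
#!/bin/sh
# Added example: choose the backup destination from the resolv.conf domain.
# Assumptions (not from the thread): HOME_DOMAIN, destination paths, ssh options.
HOME_DOMAIN="home.example"

# Print the first name on the first "domain" or "search" line of file $1.
# Prints nothing if the file is missing or has no such line.
resolv_domain() {
    awk '$1 == "domain" || $1 == "search" { print $2; exit }' "$1" 2>/dev/null
}

# Print "backup-server" when on the home network, otherwise "jumpbox".
# Anything unrecognised falls through to the smaller off-site push.
backup_target() {
    if [ "$(resolv_domain "$1")" = "$HOME_DOMAIN" ]; then
        echo "backup-server"
    else
        echo "jumpbox"
    fi
}

run_backup() {
    target=$(backup_target "${1:-/etc/resolv.conf}")
    if [ "$target" = "backup-server" ]; then
        src="$HOME/";          dest="backup-server:laptop/"
    else
        src="$HOME/vacation/"; dest="jumpbox:vacation/"
    fi
    # The domain in resolv.conf comes from whatever network the laptop joined,
    # so the SSH host key, not the domain name, authenticates the destination.
    rsync -a -e "ssh -o BatchMode=yes -o StrictHostKeyChecking=yes" "$src" "$dest"
}

# Only transfer when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```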