Re: Change source IP to enable pass through VPN

Sun, 14 Jun 2009 20:43:05 -0700 

On Sun, Jun 14, 2009 at 08:03:54PM -0700, Lord Sporkton wrote:
> I would like to change the source IP that applications use when making
> connections for my backup.
> I have 2 firewalls, one at home, one in colo, each with a LAN segment
> behind it, the LANs are connected via IPSec.conf vpns between the
> firewalls.
> 
> The home public IP is dynamic so I was not able to make my SA specific
> between the public ips only from lan to lan. I am trying to do backups
> of the colo firewall to a thumb drive in the home firewall via the LAN
> ip of the home firewall however when the colo tries to connect(via nfs
> in this case) to the home it sources from its public IP which is not
> in the SA. I have the same problem going the other way as well. Is
> there a way to force my backup script to source from or appear to
> source from the LAN ip instead of the WAN ip?

There are numerous ways around this, most of which probably involve
more common sense.  Unfortunately, you haven't told us what sort of
backup software you're using so it's hard to make good recommendations
for your existing setup.  If your backup software will allow you to bind
to the internal address of your home firewall, that's the way to go.
Otherwise you might be able to get it working with some sort of port
redirection (bouncing off the internal interface).  But again, without
more details it's impossible for me to give you concrete examples.

Personally, I just "pull" my server backups using dump-over-ssh.  This
works great for me.  I've rebuilt my entire server within the past year
using these backups so I guarantee this process works as advertised.
Here is the script I use:

#!/bin/sh

# DayOfWeek
DOW=`date +%w`
DATE=`date +%Y%m%d`

ssh r...@server "dump ${DOW}ufa - / | /usr/local/bin/bzip2" | \
        dd of=/backups/dumps/server-root-${DOW}-${DATE}.bz2
ssh r...@server "dump ${DOW}ufa - /data | /usr/local/bin/bzip2" | \
        dd of=/backups/dumps/server-data-${DOW}-${DATE}.bz2
ssh r...@server "dump ${DOW}ufa - /home | /usr/local/bin/bzip2" | \
        dd of=/backups/dumps/server-home-${DOW}-${DATE}.bz2
ssh r...@server "dump ${DOW}ufa - /var | /usr/local/bin/bzip2" | \
        dd of=/backups/dumps/server-var-${DOW}-${DATE}.bz2


-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Reply via email to