
Re: Guide(s?) to backup philosophies



David Christensen wrote:
> On 03/22/2017 03:35 AM, Dan Purgert wrote:
>> David Christensen wrote:
>>> On 03/17/2017 03:31 AM, Dan Purgert wrote:
>>>> David Christensen wrote:
>>>>> On 03/13/2017 05:38 AM, Dan Purgert wrote:
>>>>> [...]
>>>
>>> I should clarify that:
>>>
>>>      "The backup server can be firewalled with no incoming ports and
>>>      outgoing ports limited to SSH and other required ports".
>>>
>>>
>>> I still need to figure out the "other required outgoing ports".
>>> Suggestions and comments are welcome.
>>
>> Unfortunately, pretty much "all ephemeral ports", if the server is
>> running things that initiate connections.  Some programs allow you to
>> specify what ports they're connecting from, but not all.
>
> I run ntpd on all my machines.  So, ports 123/tcp and 123/udp need to be 
> open for ongoing connections:

Good point, that :).  I was just making a comment about "other required
outgoing ports" (as many things just use an ephemeral port to initiate a
connection, rather than a defined port, as with ntp).

> [...]
>> VPN could work, but SSH into a jumpbox works just as well.
>>
>> The push script checks /etc/resolv.conf for the local domain, if it's
>> mine, then backup to the backup-server directly.
>>
>> If it's not mine, backup "critical files" to the jumpbox (which, in turn
>> is backed up to the backup-server). It's quite a bit smaller than the
>> full backups that're performed at home - just $HOME/vacation.
>
> So, you have a static IP (or dynamic DNS) for your home Internet 
> connection, you have your home gateway configured to allow incoming SSH 
> connections and direct them to an internal host "jumpbox", and your 
> laptop has a backup script that detects whether the laptop is on your 
> LAN or on the Internet.  If on the LAN, the backup script exits and 
> waits for the backup server to pull a complete backup.  If on the 
> Internet, the backup script pushes critical files over SSH to a 
> receiving directory on "jumpbox" (?).

Close enough - the script on the laptops just switches between "rsync
everything to backup-server, because you're at home" and "rsync only the
'vacation' folder to jumpbox, because you're not"



-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281
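
The switch described in this message, sketched as an added example (not the poster's actual script): it reads the `domain`/`search` entries of resolv.conf and prints the rsync command it would run. Because that domain is whatever the local DHCP server hands out, the sketch pins SSH host keys so a network that merely claims the home domain cannot receive the full backup. Assumed names: `home.example`, `jumpbox.example.net`, and the destination directories.

```shell
#!/bin/sh
# Added example: HOME_DOMAIN, JUMPBOX and the destination paths are assumptions.
HOME_DOMAIN="home.example"        # assumed domain handed out by the home DHCP server
BACKUP_SERVER="backup-server"     # host name as used in the thread
JUMPBOX="jumpbox.example.net"     # assumed public name of the jumpbox
SRC="${HOME:-/home/user}"
# The resolv.conf domain is set by the network, so it is only a hint.
# Strict host key checking makes the transfer fail unless the real host answers.
SSH_CMD="ssh -o BatchMode=yes -o StrictHostKeyChecking=yes"

# Print every domain listed on "domain" or "search" lines of a resolv.conf file.
resolv_domains() {
    awk '$1 == "domain" || $1 == "search" {
             for (i = 2; i <= NF; i++) print tolower($i)
         }' "$1"
}

# Succeed only on an exact match, so "nothome.example.com" does not count as home.
at_home() {
    resolv_domains "$1" | grep -qxF "$HOME_DOMAIN"
}

# Print the rsync command for the current network (dry run, nothing is copied).
backup_plan() {
    if at_home "$1"; then
        # At home: everything goes straight to the backup server.
        printf 'rsync -a -e "%s" %s/ %s:laptop-full/\n' \
            "$SSH_CMD" "$SRC" "$BACKUP_SERVER"
    else
        # Elsewhere: only the vacation folder goes to the jumpbox.
        printf 'rsync -a -e "%s" %s/vacation/ %s:laptop-vacation/\n' \
            "$SSH_CMD" "$SRC" "$JUMPBOX"
    fi
}

# Constructed sample: a resolv.conf as a foreign network might supply it.
sample=$(mktemp)
printf 'search hotel.example\nnameserver 10.0.0.1\n' > "$sample"
backup_plan "$sample"
rm -f "$sample"
```

To run it for real, pass /etc/resolv.conf to `backup_plan` and execute the printed command once the host keys of both targets are in known_hosts.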

