Connecting through ssh tunnel

We run fdb on a cluster that can only be accessed through ssh and only to the master node on the cluster. How can I connect to fdb in this scenario? I can make an ssh tunnel to the fdb server node and forward all the ports, but when I try to connect from outside, it seems connections are being redirected using local physical IP addresses, which don’t make any sense from outside.

Is it possible to connect in this scenario through an ssh tunnel? We’d rather not open any other ports on the compute cluster if we can avoid it.

FDB doesn’t do well with NAT, and an ssh tunnel essentially does the same IP/port rewriting that makes FDB sad. Additionally, FDB clients need access to all the nodes in the cluster, not just the master, so you’d need to open ssh tunnels to all of your processes.

If you have a small number of processes, I think you might be able to instead fuse together an ssh tunnel and tun/tap so that any packets sent to FDB cluster IPs get sent to the tun/tap interface, and then routed to FDB over the appropriate ssh tunnel.

However, any larger number of processes, and you might be better off building this as a private VPN sort of situation, or looking into using something like Tailscale.
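
The tun-over-ssh idea from the reply above, written out as an added example (not part of the original posts and not FoundationDB project code). It prints a command plan instead of running anything, and it assumes OpenSSH with `PermitTunnel yes` on the master, root on both ends, Linux `iproute2`, and a master that is allowed to forward packets to the other nodes; the host name, tunnel addresses and process list are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: prints (never executes) a command plan for tun-over-ssh.
# Assumptions, not from the thread: OpenSSH with "PermitTunnel yes" on the
# master, root on both ends, Linux iproute2, and a master that may forward
# packets to the other cluster nodes.

# Constructed sample: FDB process addresses, one ip:port per line.
SAMPLE_PROCS='10.0.0.11:4500
10.0.0.11:4501
10.0.0.12:4500
10.0.0.13:4500:tls'

# Strip the port (and optional :tls suffix), keep IPv4-shaped lines, dedupe.
fdb_unique_ips() {
  sed -E 's/:tls$//; s/:[0-9]+$//' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    | sort -u
}

# Usage: fdb_tun_plan MASTER TUN_ID CLIENT_TUN_IP MASTER_TUN_IP < process-list
fdb_tun_plan() {
  p_master=$1; p_tun=$2; p_client=$3; p_remote=$4
  echo "# client: layer-3 tunnel over the single permitted ssh connection"
  echo "ssh -f -N -w ${p_tun}:${p_tun} root@${p_master}"
  echo "ip addr add ${p_client} peer ${p_remote} dev tun${p_tun}"
  echo "ip link set tun${p_tun} up"
  echo "# client: one host route per FDB machine, real cluster IPs unchanged"
  fdb_unique_ips | while read -r p_ip; do
    echo "ip route add ${p_ip}/32 dev tun${p_tun}"
  done
  echo "# master: far end of the link, plus forwarding toward the nodes"
  echo "ip addr add ${p_remote} peer ${p_client} dev tun${p_tun}"
  echo "ip link set tun${p_tun} up"
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "# nodes: need a return route to ${p_client} via the master"
}

# Placeholder host and tunnel addresses (constructed for illustration).
printf '%s\n' "$SAMPLE_PROCS" | fdb_tun_plan master.example 0 10.99.0.1 10.99.0.2
```

Review the printed commands before running them as root. If the address you ssh to is itself one of the routed cluster IPs, leave it out of the process list, otherwise the tunnel's own traffic would be routed into the tunnel.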