Chaining rclone to escape NAT using sftp

Hi there,

I want to set up my rclone system as described below and I am not sure how to go about it effectively.
Server A. a storage server behind a NAT firewall that I do not want to remove. I don't want to expose this server to the world wide web. Has good download rate but poor upload network rate.
Server B. an intermediate server or caching server that acts like temporary fast storage. Has excellent upload and download rate. Its only exposure to the internet is ssh.
Client C. the client or user of the system.

Now, to get this working, I thought of a solution in which I make A connect via ssh to B and open a reverse connection like so:
(localhost would be A's localhost)

ssh -R 10022:localhost:22 B

Now, I could of course then have C connect to port 10022 on B in order to connect to A all via ssh/sftp/scp. However, I want B to act as a cache, so I don't want a direct connection between C and A.

Thus, I decided to configure A as a sftp remote on B, and then mount A to a folder on B.

rclone mount A:/folder /folderA --vfs-cache-mode full

And as a last step, I would configure B as a sftp remote on C and then mount folderA on C.

rclone mount B:/folderA Z: --vfs-cache-mode full

This works quite well after I activated vfs cache mode.
However, I am wondering, can I improve on this somehow? It feels a bit overly complex.
I also would like Z: to be accessible when I am without internet, I want it to use the VFS. It seems to do so, but only after trying overly hard on establishing an internet connection.

All input is welcome!

Something is not set up right I think, because if I close the rclone session on C while the rclone session on B is uploading, I get the same error over and over:

2021/12/18 22:40:02 INFO  : test-file-1.mkv: vfs cache: downloader: error count now 13: vfs reader: failed to write to cache file: Open failed: file does not exist
2021/12/18 22:40:02 ERROR : Documents/test-file-1.mkv: vfs cache: failed to download: vfs reader: failed to write to cache file: Open failed: file does not exist

I am going to reply to my own topic because I have an idea.

Is it maybe more logical to serve sftp on server B with A as a remote?
I can then use --vfs-cache-mode full on server B.
However, I don't like to expose rclone's sftp server to the world wide web on server B. So when a client C wants to use the system, it will still need to tunnel to server B first.

Can I instruct rclone on client C to tunnel to the right localhost port on server B?
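
The layout asked about in the post above, sketched as an added example that is not part of the thread: rclone on B serves remote A over SFTP on loopback only, and C reaches it through an SSH local forward. The SSH host alias `B`, port 2022, the login `cache`, the remote name `Bcache`, the key path and a POSIX shell on C are all assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: SSH host alias "B", remote
# "A" already configured on B, port 2022, login "cache", client remote "Bcache".
PORT=2022

# On B: serve remote A over SFTP bound to loopback only, so sshd stays the
# sole Internet-facing service. B holds the VFS cache.
serve_on_b() {
  rclone serve sftp A:/folder --addr "127.0.0.1:${PORT}" \
    --authorized-keys "$HOME/.ssh/authorized_keys" --vfs-cache-mode full
}

# Forward spec for ssh -L: C's loopback port -> B's loopback port.
forward_spec() { printf '127.0.0.1:%s:127.0.0.1:%s' "$PORT" "$PORT"; }

# On C: open the tunnel in the background; fail instead of running without it.
open_tunnel() {
  ssh -f -N -o ExitOnForwardFailure=yes -L "$(forward_spec)" B
}

# On C: write an rclone remote that points at the local end of the tunnel.
write_client_conf() {
  cat > "$1" <<EOF
[Bcache]
type = sftp
host = 127.0.0.1
port = ${PORT}
user = cache
key_file = ~/.ssh/id_ed25519
EOF
  chmod 600 "$1"
}

# On C: mount through the tunnel (Z: is the drive letter used in the post).
mount_on_c() {
  rclone mount --config "$1" Bcache: Z: --vfs-cache-mode full
}

case "${1:-}" in
  serve) serve_on_b ;;
  mount) write_client_conf "${2:-./rclone-c.conf}"; open_tunnel
         mount_on_c "${2:-./rclone-c.conf}" ;;
esac
```

Run it with `serve` on B and with `mount` on C; without an argument it does nothing.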

hello and welcome to the forum,

i agree, not a good idea to expose rclone or ssh direct to the internet.

in your case, i would use some sort of vpn.
openvpn, wireguard, or point to point vpn, such as tailscale, tinc
