[Techtalk] url port forward?

Rachel McConnell rachel at xtreme.com
Fri Oct 1 16:17:28 EST 2004 

Hi overhaul,

There is another potential solution to this situation, assuming you have 
an account on server B, which is an SSH tunnel.  Advantage to this is 
that it only requires setup on your home machine C, not on server B - 
unless server B doesn't have an SSH server which would be surprising.

You do it like this:

$ ssh -L 80:server.A:80 yourusername at server.B

and enter your password on server B when prompted.  (As with any ssh 
session, if your username on C is the same as on B, you can leave out 
the yourusername@ bit.)

Then from your machine you can access server A as 'localhost'.  (If you 
need to use a different hostname for some reason, you can pick one and 
put it in your hosts file as an alias for 127.0.0.1)


To break down the command line bit:

the -L option tells ssh to set up an outgoing tunnel

the 80's are the ports on your machine and on server A (I don't remember 
which is which and am too lazy to look it up)

the bit in between the 80's, "server.A", is a reference to server A as 
server B would resolve it.  This bit was confusing to me for a while, 
but it's just as if you logged onto server B, and then went to ping, 
telnet, scp, wget, etc. to server A.  Use the same name or IP address 
you would with any of those other tools.

finally, yourusername at server.B simply says what machine to ssh TO.


The ssh tunnel will stay open as long as you keep the shell open, so you 
could conceivably do this once and it'll stick until you shut down or go 
offline.  Otherwise, just set up the tunnel at the start of your online 
session.  You might be able to set it up to tunnel automatically when 
you log on - someone else will have to advise on this part, though!

Disclaimer: I've done this a LOT in my own office/home setup, but there 
may be something about your setup that makes this solution non-optimal 
or even impossible, that I might have missed.  I'm really not very 
knowledgable about networking in general, I just happen to do this 
specific thing constantly!

Rachel

overhaul wrote:
> Hello all,
> 
> I have a small problem I hope someone can help with...
> 
> I have a webserver that will only allow port 80 access from a select few
> source ip's.    I am trying to set up a sortof url "hop" so I can access
> this server from anywhere by making it look as tho I'm coming from one
> of the allowed ip sources.     The reason for this is my home ip is
> dynamic and I don't want to have to constantly update the ipf rules on
> this server everytime my ip changes.  Opening the server up to my entire
> isp is not an option either.
> 
> I was told I could set up something called a "url forward?" whereby I
> can access server "A" from server "C"(home) by pulling up a url on
> server "B".  server "B" which is allowed access by "A" then redirects
> the request coming from "C" to "A" giving it it's own source ip.
> 
> I know how to setup port forwarding on a router but I don't want to
> forward EVERY request on B to A and I don't think that changes request
> source ip anyway.
> 
> I hope my desription isn't too confusing.
> 
> I'm thinking it has to do with proxy.   apache module mod_proxy.c.. 
> anybody know how to do this?
> 
> thanks,
> -o
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
>

More information about the Techtalk mailing list