[TriLUG] ssh 'through' a firewall
Ralph Blach
rcblach at blach.dnsalias.org
Sat Apr 24 14:27:02 EDT 2004
Doug,

That is exactly my situation. My son is at a school and is behind a
firewall. My home system is behind a firewall.
The vtund simply solves that problem by creating a tunnel and then you
can directly ssh to any of the systems.

Here's what I have

son's system --- firewall --- Internet --- firewall --- my system
                                                        other systems on
                                                        my local network

After the vtund program here's what I get

Son's system <------> my system (acts as a router)
                      other systems on my home network

http://vtun.sourceforge.net/

I discovered that telnet works best since the tunneling software
encrypts and compresses.
It took about 5 minutes to set up.

Chip

Douglas Kojetin wrote:
> hi all-
>
> thanks for all the comments. let me explain my setup better (i gave a
> poor description of it before):
>
> we use a sonicwall firewall, and behind it are several computers. i
> have two IP addresses: one for the firewall unit, and one that i use
> for port forwarding through the firewall to a computer (IPs made up).
> the firewall is in 'stealth' mode.
>
> internet
> --- firewall ('external' ip address: 10.0.0.0 with a web-visible
> hostname; internal ip address: 3.0.0.0)
> -- box 1 ('external' port forwarded ip address 10.0.0.1 with a
> web-visible host name, which points to the internal ip 3.0.0.1)
> -- box 2 through 5 (internal ip 3.0.0.2 through 3.0.0.5)
>
> what i usually do is:
>
> # ssh to the port forwarded, web accessible box
> ssh -X user@10.0.0.1
> # ssh from that machine to other machines behind the sonicwall firewall
> # (that do not have port forwarding hostnames/ip addresses)
> ssh -X user@3.0.0.2
>
> maybe my setup is inefficient? should i setup in my firewall the second
> IP address (10.0.0.1) to port forward SSH at higher ports to the other
> boxes? can i do that (say, 2222 for box2, 2223 for box3, 2224 for box4,
> and so on)?
>
> thanks,
> doug
>
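
An added example, not part of either message: an OpenSSH client configuration (`~/.ssh/config`) for the layout Doug describes, showing the hop through box 1 and the per-port forwarding he asks about side by side. The host aliases and the user name are placeholders, the addresses are the made-up ones from his post, and the 2222 forward is assumed to be configured on the firewall.

```sshconfig
# Added example. Aliases (box1, box2, box2-direct) and "user" are placeholders;
# the IP addresses are the made-up ones from the post.

# The externally reachable, port-forwarded box.
Host box1
    HostName 10.0.0.1
    User user
    ForwardX11 yes

# An internal box reached through box1 with a single "ssh box2".
# The session is end to end between the client and box2; box1 only relays TCP.
# ProxyJump needs OpenSSH 7.3 or later. On older clients use instead:
#   ProxyCommand ssh -W %h:%p box1
Host box2
    HostName 3.0.0.2
    User user
    ProxyJump box1
    HostKeyAlias box2
    ForwardX11 yes

# The alternative asked about in the post: the firewall forwards
# 10.0.0.1:2222 to 3.0.0.2:22 (assumed firewall rule), so no hop is needed.
# HostKeyAlias makes both routes verify against the same known_hosts entry,
# so a different host key answering on port 2222 is flagged.
Host box2-direct
    HostName 10.0.0.1
    Port 2222
    User user
    HostKeyAlias box2
    ForwardX11 yes
```

Boxes 3 through 5 follow the same pattern with their own `HostName` or `Port` values.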