

Timbuktu ssh proxy server how-to

I had a problem at work that I solved through trial and error. The problem was that I regularly have to Timbuktu into a remote user's machine from behind my company's firewall to give that user support. The remote machine is shielded behind both an Airport using NAT and the firewall of the parent company. To complicate things, I do not have the administrator's help on the remote end (i.e., I can't reconfigure either the Airport or the remote firewall).

The solution involved using an exposed third computer with an ssh server as a go-between. For this to work, the remote user must have a login to the go-between ssh server.

On the remote end, open Terminal and enter the following command:

% ssh -C goBetweenIP_Address -R 10407:localhost:407 -l username

On the local end, open Terminal and enter:

% ssh -C goBetweenIP_Address -L 10407:localhost:10407 -l username

On Timbuktu, connect to localhost:10407.

The '-C' option enables compression, which speeds up the connection. The '-R' option on the remote end forwards port 407 from the remote machine to port 10407 on the go-between. 407 is the Timbuktu port, but any service can be forwarded like this if you know the proper port number. The '-L' option on the local end connects port 10407 on your local machine to port 10407 on the go-between. Finally, you tell Timbuktu to connect to the port on your machine that the traffic is being forwarded to.

Both ends use an ssh tunnel to the go-between server, which acts as a switchboard operator, forwarding ports from one session to the other. Use '-l username' if the username at your command prompt is not the same as the name of the account on the go-between server. The network ugliness on both ends is circumvented.

Actually, it is necessary to open a tunnel from the remote client (private network) to the intermediary Linux host (DMZ) due to firewall policy.

Remote client =outgoing tunnel=> Linux host <=incoming tunnel= local host

If anyone has a better suggestion on how to do this, I'd love to hear it.
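A tightened form of the two tunnel commands, with a check to run on the go-between, as an added example that is not part of the original hint. If the go-between's sshd has GatewayPorts enabled, the '-R' listener on port 10407 binds to every interface and the remote user's Timbuktu service becomes reachable by anyone who can reach the go-between. The '-N' and ExitOnForwardFailure options, the explicit 127.0.0.1 bind addresses, the function names and the sample listener lines are assumptions added here.

```sh
#!/bin/sh
# Added example, not from the original hint. GOBETWEEN and TUNNEL_USER default
# to the hint's placeholders; function names and sample data are constructed.
GOBETWEEN="${GOBETWEEN:-goBetweenIP_Address}"
TUNNEL_USER="${TUNNEL_USER:-username}"
# -N: forward only, no remote shell. ExitOnForwardFailure: exit if the forward
# cannot be set up instead of staying connected without it.
SSH_OPTS='-C -N -o ExitOnForwardFailure=yes'

# Remote end: publish the Timbuktu port (407) as 10407 on the go-between,
# requesting a loopback-only listener there.
remote_cmd() {
  printf 'ssh %s -R 127.0.0.1:10407:localhost:407 -l %s %s\n' \
    "$SSH_OPTS" "$TUNNEL_USER" "$GOBETWEEN"
}

# Local end: listen on local loopback 10407 only and hand connections to
# port 10407 on the go-between.
local_cmd() {
  printf 'ssh %s -L 127.0.0.1:10407:localhost:10407 -l %s %s\n' \
    "$SSH_OPTS" "$TUNNEL_USER" "$GOBETWEEN"
}

# Classify the listener for port $1 from `ss -ltn` or `netstat -ltn` output on
# stdin: "loopback", "exposed" (any non-loopback bind address) or "absent".
# On the go-between: ss -ltn | listener_scope 10407
listener_scope() {
  awk -v port="$1" '
    /LISTEN/ {
      for (i = 1; i <= NF; i++) {
        n = split($i, part, ":")
        if (n < 2 || part[n] != port) continue
        addr = substr($i, 1, length($i) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") loop = 1; else exposed = 1
      }
    }
    END { print (exposed ? "exposed" : (loop ? "loopback" : "absent")) }'
}

# Constructed listener lines in `ss -ltn` layout (not captured from a real host).
SAMPLE_SAFE='LISTEN 0 128 127.0.0.1:10407 0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:10407 0.0.0.0:*
LISTEN 0 128 [::]:10407 [::]:*'

remote_cmd
local_cmd
printf 'GatewayPorts off: %s\n' "$(printf '%s\n' "$SAMPLE_SAFE" | listener_scope 10407)"
printf 'GatewayPorts on:  %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | listener_scope 10407)"
```

An "exposed" result on the go-between means the forward should be torn down until GatewayPorts is turned off in its sshd configuration or the port is firewalled.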
