Bridging with SSH Tunnels


 
# 1  
Old 03-05-2002
Bridging with SSH Tunnels

Here is the scenario:

I use an OpenBSD 2.9 box as my firewall and gateway at the house. One of the boxes behind my OpenBSD box is my FreeBSDBox.

I would like to be able to use port forwarding with SSH to enable a secure connection from work to the OpenBSD box and to have the OpenBSD box forward via SSH to the FreeBSD so that I can use VNC from work to access the FreeBSDBox via the OpenBSD box.

Has anybody in the forum used multiple SSH tunnels across a gateway to accomplish this?

This is not anything serious, just something to occupy my otherwise dull and drab life.
# 2  
Old 03-05-2002
Huh? (sorry).

Your post seems to make this much more complex than what it needs to be.

If you have SSHD running 'at work' then you simply terminate the end of the tunnel (in VPN) at the appropriate tunnel end point... or in client-server mode... have your client talk to SSHD.

Why so complicated? Forwarding is not required, except normally routing.....
# 3  
Old 03-05-2002
I am not using a VPN to access the box at the house.

I do not have direct access to the FreeBSD box (the gotcha).

Here is a diagram that might explain things better:

Image

I want to enable an SSH Tunnel to the OpenBSD Box that will communicate with another pre-established SSH Tunnel between the OpenBSD box and the FreeBSD box.

I have not (yet) enabled NAT/Port forwarding on the OpenBSD box.

The idea is that I want to tunnel my way all the way past the OpenBSD box into the FreeBSD box. I can set up a tunnel between the OpenBSD box to the FreeBSD box without any problems (already tested, works like a charm). This way, I never have to expose any extra ports to the world other than my already exposed SSH port. I also wanted to bypass a VPN for this. When I VPN into work from my Win2K box, all my other networks get dropped and I wanted to avoid this.

Clear as mud?
# 4  
Old 03-05-2002
Very clear. Have been doing this for at least 16 years.

You need to turn on IP forwarding with the OpenBSD box (and NAT if you need it) and ensure that you can route IP packets between the two end nodes (work machine and FreeBSD).... you need to ensure that SSHD is running on one box (the one you want to access) and you have an SSH client on the other one.

You need to open the appropriate SSH port on the OpenBSD box to allow things to go through... and turn this into a simple SSH client-server problem (with correct IP routing) and not a tunneling problem.

Not having IP routing (forwarding) on the OpenBSD box (your firewall) is the problem. Simply turn it on and configure away.
# 5  
Old 03-05-2002
Very good then. I will have to play with it tonight or tomorrow night. Right now, the OpenBSD box does a great job as a firewall and router. It has been so long since I have done any port forwarding that I will have to get back up to speed.

I figured the problem may not have been SSH Tunnel related but rather IP routing. You have confirmed my thoughts.

SSH Tunneling is really cool though. I just learned about it and wanted to apply it in a "real world" situation to get some experience and this seemed like a good enough task.

Thanks
# 6  
Old 03-05-2002
You can still use the OpenBSD platform as a firewall... IP forwarding does not preclude the use of forwarding... and in fact, most firewalls have IP forwarding enabled (and they do packet filtering). Application proxy services are useful, but for doing client-server SSH... opening up a port for SSH is a good idea. Just keep the rest closed, if that is what you want.
# 7  
Old 03-05-2002
Hoofah!

My first test went off without a hitch.

I created an SSH tunnel between OpenBSD and FreeBSD and directed OpenBSD:3899 to FreeBSD:25 (Sendmail, something I could easily telnet and test...)

I then created a tunnel between Work and OpenBSD. I directed Work:4899 to OpenBSD:3899.

Then on my Win2KAS at work, I dropped to a command line and executed `telnet 127.0.0.1 4899` and what was my response?

Code:
```
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 FreeBSDBox.HomeNet.org ESMTP Sendmail 8.11.6/8.11.6; Tue, 5 Mar 2002 16:02:33 -0600 (CST)
```

I was able to use the OpenBSD box as my go-between without a hitch! Woo-hoo!

Next I need to map out the ports used by TightVNC and I will be on my way!

I am soooooo easy to amuse!
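
The two-hop forward tested in post #7, written out as an added example that is not part of the original thread: the functions below build (but do not run) the `ssh -L` command for each hop with the listener pinned to 127.0.0.1, so the intermediate port on the gateway is never reachable from the network. It goes slightly beyond the thread by also building a single-command equivalent using OpenSSH's `-J` (ProxyJump) option, and maps a VNC display number to its TCP port (5900 + display). The host and user names (`user@openbsd.example`, `user@freebsd.example`) and the function names are placeholders.

```shell
#!/bin/sh
# Added example: prints the ssh commands for the chained tunnel; it does not
# open any connection. Host/user names are placeholders, not from the thread.

# Accept only decimal ports in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# VNC display :N listens on TCP 5900+N (display :1 -> 5901).
vnc_port() {
  case "$1" in ''|*[!0-9]*) return 1;; esac
  echo $((5900 + $1))
}

# forward_cmd LISTEN_PORT TARGET_HOST TARGET_PORT SSH_DEST
# -N: no remote command, forwarding only.
# ExitOnForwardFailure: fail instead of running without the forward.
# The explicit 127.0.0.1 bind keeps the listener on loopback only.
forward_cmd() {
  valid_port "$1" && valid_port "$3" || return 1
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
    "$1" "$2" "$3" "$4"
}

# jump_cmd DISPLAY GATEWAY INNER
# One command from the work machine: the gateway only relays the encrypted
# SSH session, so no intermediate listener is needed on it.
jump_cmd() {
  p=$(vnc_port "$1") || return 1
  valid_port "$p" || return 1
  printf 'ssh -N -o ExitOnForwardFailure=yes -J %s -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
    "$2" "$p" "$p" "$3"
}

# The thread's test path: Work:4899 -> OpenBSD:3899 -> FreeBSD:25.
# The target 127.0.0.1 is resolved on the far side of each hop.
echo "run on gateway: $(forward_cmd 3899 127.0.0.1 25 user@freebsd.example)"
echo "run on work:    $(forward_cmd 4899 127.0.0.1 3899 user@openbsd.example)"

# Same idea for VNC display :1, as a single jump through the gateway.
echo "run on work:    $(jump_cmd 1 user@openbsd.example user@freebsd.example)"
```

Because each forward targets 127.0.0.1 on the far host, the final service (Sendmail in the test, a VNC server later) only needs to listen on the FreeBSD box's loopback interface.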