Tim Daneliuk wrote:
> Imagine the following topology:
>
>
> Laptop <-> Firewall <-> INTERNET <-> sshd Server
> |
> |
> Server@IPort
>
> (To make this simple, assume everything is running FreeBSD or Linux.)
>
>
> Here are the operating conditions:
>
> - Laptop wants to get to IPort
> - But Firewall is blocking outbound access to IPort
> - Firewall does allow outbound ssh connections
> - sshd Server has no restrictions on Net access one you're logged in
>
> So ...
>
> How do I invoke the ssh client on Laptop to establish a tunnel via
> sshd Server to get to IPort? I know how to do this when the
> desired service is hosted on sshd Server itself. It's the "getting
> to somewhere else on the net via that sshd Server" that has me stumped.
>
> TIA,

What you're describing is standard ssh port forwarding. Assuming the
laptop is running OpenSSH, and the final destination you want to connect
to is SomeServer.com, port 5000...

ssh -L 9999:SomeServer.com:5000 username@SSHDserver

Or if you want it to run in background and not open a command line to
SSHDserver,

ssh -N -L 9999:SomeServer.com:5000 username@SSHDserver &

You then connect your application to localhost (or 127.0.0.1) port 9999.
You can also make the local port the same as the remote port and I
normally do this. I just made them different for the example so you know
which port # refers to which IP.

Chuck

Tim Daneliuk wrote:
> How do I invoke the ssh client on Laptop to establish a tunnel via
> sshd Server to get to IPort? I know how to do this when the
> desired service is hosted on sshd Server itself. It's the "getting
> to somewhere else on the net via that sshd Server" that has me stumped.

Interestingly, this behaviour is exactly what is bothering me, but the
ssh arguments to forward an arbitrary connection are as follows:

ssh -N -L local_port:host.on.internetort user@sshd.server

It may be easier to just do X forwarding, though. That way the apps run
on the server while X if tunneled through the ssh connection.

If your laptop is on a WiFI network with the sshd server and you're
looking for a secure way to access the internet from the laptop through
the server, you might want to look into OpenVPN. Steer clear of WEP,
since it provides about as much security as a cartboard box.

Steven.

Chuck wrote:
> Tim Daneliuk wrote:
>> Imagine the following topology:
>>
>>
>> Laptop <-> Firewall <-> INTERNET <-> sshd Server
>> |
>> |
>> Server@IPort
>>
>> (To make this simple, assume everything is running FreeBSD or Linux.)
>>
>>
>> Here are the operating conditions:
>>
>> - Laptop wants to get to IPort
>> - But Firewall is blocking outbound access to IPort
>> - Firewall does allow outbound ssh connections
>> - sshd Server has no restrictions on Net access one you're logged in
>>
>> So ...
>>
>> How do I invoke the ssh client on Laptop to establish a tunnel via
>> sshd Server to get to IPort? I know how to do this when the
>> desired service is hosted on sshd Server itself. It's the "getting
>> to somewhere else on the net via that sshd Server" that has me stumped.
>>
>> TIA,
>
> What you're describing is standard ssh port forwarding. Assuming the
> laptop is running OpenSSH, and the final destination you want to connect
> to is SomeServer.com, port 5000...
>
> ssh -L 9999:SomeServer.com:5000 username@SSHDserver
>
> Or if you want it to run in background and not open a command line to
> SSHDserver,
>
> ssh -N -L 9999:SomeServer.com:5000 username@SSHDserver &
>
> You then connect your application to localhost (or 127.0.0.1) port 9999.
> You can also make the local port the same as the remote port and I
> normally do this. I just made them different for the example so you know
> which port # refers to which IP.
>
> Chuck

Many thanks - just what I was looking for ...