AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Create ssh tunnel to server9/13/2023 Probably not feasibly.Īnother option may be to Pick a specific host like Server A or OpenWRT router and have every host make a VPN connection to it, maybe with Wireguard but I guess OpenVPN would work. Wherever you put in SSH tunnels instead putting in routing and control access with firewalls. I'm sure there is are requirements and constraints that I don't know or understand.įirst first thought would be to simplify the network so you don't have to do all the ssh tunneling. But maybe there is some routing in there represented by the WAN clouds. It appears than everything below ServerA is on a flat network w/ 10.0.0.0/8. The diagram is a little confusing as it seems to mix layer3 routeing and layer2 switching together. I may not be able to continue the discussion. I'll include some comments / questions, but don't need a response. Ssh -tt -4 -L 0.0.0.0:6001:$ip_host:6000Įcho "Unable to match supplied parameter with name '$1' in sitelist.txt Kudos to you for providing a diagram and getting it working. To make the ssh tunnel setup easier I have created a bash script that takes the Server name as an argument ($1)Īwk '/'$1'/' /root/sitelist.txt | while read server_name ip_address ip_host In the actual system this has been implemented in there is at least 50 remote servers that need connected to from the laptop. I don't think there was any other way to meet this requirement but would appreciate input from others on the setup. To drop the second tunnel it is necessary to use "Ctrl-C" Any server that can be connected to over SSH should be able to be routed as part of the tunnel. With both tunnels setup, the client application running on the laptop can access the server application running on Server C & E. The SSH tunnels in server B & D are started using: The changed 6001 port also requires to be moved back to the original port 6000. Now that packets have reached Server B & D it is necessary to create a second tunnel to reach the final destination servers C & E. A similar tunnel can be setup for the Server D connection using: Once running any packets from the laptop to UDP port 6000 will be present on Server B and can be shown using tcpdump. Iptables -A FORWARD -i eth1 -o eth0 -p tcp -m tcp -dport 6000 -j ACCEPTĪnyone paying attention will notice that the final destination port in the PREROUTING table is 6001, this is due to port 6000 already being in use on Servers B & D, it is therefore necessary to move the data to a different port.Īn SSH tunnel from Server A to B is started using the following command: It was also necessary to enable the forwarding between the eth0 and eth1 interfaces for port 6000 using the following: Iptables -t nat -A PREROUTING -i eth1 -p tcp -dport 6000 -j REDIRECT -to-port 6001 -d 10.5.0.1 In order to get the packets from eth1 to eth0 on the main Linux server it is necessary to add the following entries into the firewall table: iptables -t nat -A PREROUTING -i eth1 -p tcp -dport 6000 -j REDIRECT -to-port 6001 -d 10.3.0.1 Running the laptop application with the static routes the port 6000 data is now present on the eth1 interface and can be shown using tcpdump.
0 Comments
Read More
Leave a Reply. |