Anyone have any suggestions as to how to make this work?

On Tue, Oct 07, 2014 at 07:32:53PM -0400, stan wrote:
> Sorry that I did not make this clear.
>
> Here's what I am trying to do. I have a DB server behind an OpenBSD firewall
> that we control. I have a non-routable network behind it that connects
> outbound doing NAT, and inbound using port forwarding. I have this working so
> that machines on the corporate network can connect to it by connecting to the
> appropriate port on the firewall.
>
> We have a corporate VPN to access only certain machines on that network.
> The firewall happens to NOT be one of those, and I need access to this
> database while connected via the VPN.
>
> So, what I need to do is set up an ssh tunnel through one of the machines
> that are accessible from the VPN. So what I am trying to do is set that
> tunnel up. But the OpenBSD machine is refusing the connection, as shown.
>
> So, here is a diagram of what I am trying to do:
>
> External machine -> VPN -> our machine - SSH tunnel -> FW -> DB machine
>
> This works already:
>
> our machine -> FW - DB machine
>
> Does that make it clearer?
>
> On Mon, Oct 06, 2014 at 09:22:52PM -0300, Giancarlo Razzolini wrote:
> > On 06-10-2014 20:59, stan wrote:
> > > I have a pf configuration which correctly forwards external connections to
> > > port 5432 on a machine on the inside. I am trying to set up a machine on
> > > the outside to use ssh port forwarding to send packets to port 5432 on the
> > > machine running pf (firewall). Here is my ssh command line:
> > >
> > > ssh -v -v -v -g -f -L 6030:phfw1:5432 stan@phfw1 -N
> > >
> > > I keep getting errors in auth.log about failure to connect on that port.
> > >
> > > Any idea what I am doing wrong?
> > >
> > Very confusing. But if I understood correctly, you are trying to make a
> > tcp port on a machine behind your firewall, available to others, in your
> > internal lan, to others, right? Well, for starters, I wouldn't use dns
> > names on the port forwarding part. It's prone to errors, not to mention
> > the fact that you'll get confused whether the name is resolved locally or
> > remote. But it's remote, IIRC. In your case, you need to add your ip
> > address to the forwarding. In your case, it would become:
> >
> > -L <LOCAL IP>:6030:<REMOTE SIDE IP>:5432
> >
> > If it's not this that you want, please clarify.
> >
> > Cheers,
> >
> > [demime 1.01d removed an attachment of type application/pkcs7-signature
> > which had a name of smime.p7s]
> >
>
> --
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
>
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
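
Added example, not written by anyone in this thread: a small Python check that splits the two `-L` forms quoted above into their fields and reports where the listener binds and which side looks up the destination name. The function and key names are hypothetical, the client's GatewayPorts is assumed to be at its default of no, and the IP addresses in the second sample are constructed.

```python
import ipaddress

def _ip(text):
    """Return an ip_address object, or None when text is a name."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def parse_local_forward(spec, g_flag=False):
    """Split an OpenSSH -L spec: [bind_address:]port:host:hostport."""
    fields, rest = [], spec
    while True:
        if rest.startswith("["):              # bracketed IPv6 literal
            end = rest.index("]")
            field, rest = rest[1:end], rest[end + 1:]
            more, rest = rest.startswith(":"), rest[1:]
        else:
            field, sep, rest = rest.partition(":")
            more = bool(sep)
        fields.append(field)
        if not more:
            break
    if len(fields) == 3:
        fields.insert(0, None)                # no bind_address given
    if len(fields) != 4:
        raise ValueError("expected [bind_address:]port:host:hostport")
    bind, port, host, hostport = fields
    for p in (port, hostport):
        if not (p.isdigit() and 0 < int(p) < 65536):
            raise ValueError("bad port: %r" % p)
    addr = _ip(bind) if bind else None
    if bind is None:
        # Assumption: client GatewayPorts is "no", so only -g widens the bind.
        exposure = "all interfaces" if g_flag else "loopback only"
    elif bind in ("", "*") or (addr is not None and addr.is_unspecified):
        exposure = "all interfaces"
    elif bind == "localhost" or (addr is not None and addr.is_loopback):
        exposure = "loopback only"
    else:
        exposure = "one address"
    return {"bind": bind, "listen_port": int(port), "dest_host": host,
            "dest_port": int(hostport), "exposure": exposure,
            # The client hands host to sshd as a string; a name is looked up there.
            "dest_name_resolved_by": None if _ip(host) else "ssh server"}

# The command line from the thread, then the suggested form (constructed addresses).
first = parse_local_forward("6030:phfw1:5432", g_flag=True)
second = parse_local_forward("192.0.2.10:6030:198.51.100.7:5432")
print(first["exposure"], first["dest_name_resolved_by"])
print(second["exposure"], second["dest_name_resolved_by"])
```
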