Have you thought about using IPsec?
Please respond to [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: [email protected] cc: (bcc: Dan Mitton/YD/RWDOE) Subject: SSH tunnel question. LSN: Not Relevant User Filed as: Not a Record I have a need to securely pass traffic from a corporate Intranet server to a server on the Extranet and in turn have that pass traffic to a device on the Extranet/management net. GIVEN: D = desktop 14.1.2.189 H = hop box 11.10.10.2 E = Extranet box 10.20.1.5 M = IBM Management module on the management network. 10.30.1.6 A member of my team sneaked in a request that when we are on the CORP VPN we have access to the Extranet server. I hope this goes away soon, but I have tested this and it works. using putty first on the desktop... putty -D 8080 -P 22 -ssh E I then configure IE to talk to a socks server on 8080 and I am able to access M on ports (80/443, 1044, 1045, and 5900) now what I want to do is go D -> H ->L -> M What I have tried so far - I configure a session to ssh from D to H on port 22 - in the tunnels section I select dynamic - port 8080 - destination is set to H I save that make a connection bring up IE, and run a test, my IP is now reporting that of H rather than my desktop IP. After that I go back to putty and for the remote ssh command I have tried ssh -D 8080 E ssh -N -D 8080 E So far no luck with the double hop or the double SOCKS. I want to avoid having any extra software installed if at all possible to make this acceptable to my security group. IS this something that I can do, or will I have to get creative with the -L option (possible -R as well as -g ) so that I can move ports <1025 to that > 1025 so that I can do this as a non-root user? Now I am not looking for the complete solution but a little direction to solve the problem. But if you want to give the solution that is ok as well. I may also suggest for security we just stop and H and to go M so that we do not have unrestricted web access on D. -- Leif
