I do not think it will work for this. The IBM Blade Center Management Modules (for an 8677 blade chassis) are what I am trying to connect to on the far end.
On Fri, 2007-05-25 at 14:33 -0700, [EMAIL PROTECTED] wrote: > Have you thought about using IPsec? > > > > Please respond to [EMAIL PROTECTED] > Sent by: [EMAIL PROTECTED] > To: [email protected] > cc: (bcc: Dan Mitton/YD/RWDOE) > Subject: SSH tunnel question. > LSN: Not Relevant > User Filed as: Not a Record > > I have a need to securely pass traffic from a corporate Intranet server > to a server on the Extranet and in turn have that pass traffic to a > device on the Extranet/management net. > > GIVEN: > D = desktop 14.1.2.189 > H = hop box 11.10.10.2 > E = Extranet box 10.20.1.5 > M = IBM Management module on the management network. 10.30.1.6 > > A member of my team sneaked in a request that when we are on the CORP > VPN we have access to the Extranet server. I hope this goes away soon, > but I have tested this and it works. > > using putty first on the desktop... putty -D 8080 -P 22 -ssh E > I then configure IE to talk to a socks server on 8080 and I am able to > access M on ports (80/443, 1044, 1045, and 5900) > > now what I want to do is go D -> H ->L -> M > > What I have tried so far > - I configure a session to ssh from D to H on port 22 > - in the tunnels section I select dynamic > - port 8080 > - destination is set to H > I save that make a connection bring up IE, and run a test, my IP is now > reporting that of H rather than my desktop IP. > > After that I go back to putty and for the remote ssh command I have > tried > ssh -D 8080 E > ssh -N -D 8080 E > > So far no luck with the double hop or the double SOCKS. I want to avoid > having any extra software installed if at all possible to make this > acceptable to my security group. IS this something that I can do, or > will I have to get creative with the -L option (possible -R as well as > -g ) so that I can move ports <1025 to that > 1025 so that I can do this > as a non-root user? > > Now I am not looking for the complete solution but a little direction to > solve the problem. But if you want to give the solution that is ok as > well. I may also suggest for security we just stop and H and to go M so > that we do not have unrestricted web access on D. > > -- > Leif > > > > >
