Hi Leif,

You didn't mention any operating system, but if you have a Linux-based box in the room you may try using a ppp over ssh vpn connection:

http://tldp.org/HOWTO/ppp-ssh/index.html

Of course this will be needed if only the 22nd port is accessible... Otherwise any other kind of tunneling will be easier to set up and manage.

Good luck,
Ventsi

On 5/25/07, Leif Ericksen <[EMAIL PROTECTED]> wrote:

I have a need to securely pass traffic from a corporate Intranet server to a server on the Extranet and in turn have that pass traffic to a device on the Extranet/management net.

GIVEN:
D = desktop 14.1.2.189
H = hop box 11.10.10.2
E = Extranet box 10.20.1.5
M = IBM Management module on the management network. 10.30.1.6

A member of my team sneaked in a request that when we are on the CORP VPN we have access to the Extranet server. I hope this goes away soon, but I have tested this and it works, using putty first on the desktop...

    putty -D 8080 -P 22 -ssh E

I then configure IE to talk to a socks server on 8080 and I am able to access M on ports (80/443, 1044, 1045, and 5900).

Now what I want to do is go D -> H -> L -> M

What I have tried so far:
- I configure a session to ssh from D to H on port 22
- in the tunnels section I select dynamic
- port 8080
- destination is set to H

I save that, make a connection, bring up IE, and run a test; my IP is now reporting that of H rather than my desktop IP.

After that I go back to putty and for the remote ssh command I have tried

    ssh -D 8080 E
    ssh -N -D 8080 E

So far no luck with the double hop or the double SOCKS.

I want to avoid having any extra software installed if at all possible to make this acceptable to my security group.

Is this something that I can do, or will I have to get creative with the -L option (possibly -R as well as -g) so that I can move ports <1025 to those >1025 so that I can do this as a non-root user?

Now I am not looking for the complete solution but a little direction to solve the problem. But if you want to give the solution that is ok as well.

I may also suggest for security we just stop at H and go to M so that we do not have unrestricted web access on D.

--
Leif
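
Added example, not part of either message: one way to get the double hop with PuTTY's plink alone is to tunnel a second SSH session through the first, so that the SOCKS listener on D exits at E rather than at H. In the attempt described above, `ssh -D 8080 E` run on H opens its SOCKS listener on H, which the dynamic forward on D never talks to. The addresses are those given in the post; `user`, local port 2222 and the local ports in the narrower variant are placeholders, and H is assumed to reach E on port 22.

```bat
rem Added example, not from the thread. Addresses come from the post;
rem "user" and local port 2222 are placeholders chosen for illustration.

rem Step 1: D -> H. Listen on D at 127.0.0.1:2222 and forward through H
rem to E's sshd (10.20.1.5:22). -N: no shell on H, the session exists
rem only to carry the forward.
start "hop-H" plink -ssh -N -P 22 -L 127.0.0.1:2222:10.20.1.5:22 user@11.10.10.2

rem Step 2: D -> (tunnel through H) -> E. This SSH session terminates on E,
rem so connections made through the SOCKS listener on D:8080 leave from E.
rem Binding to 127.0.0.1 keeps the proxy unavailable to other hosts.
start "socks-E" plink -ssh -N -P 2222 -D 127.0.0.1:8080 user@127.0.0.1

rem Narrower variant of step 2: fixed forwards to M (10.30.1.6) only,
rem instead of a general-purpose proxy. Local ports 8443 and 5900 are
rem placeholders; add one -L per port that is actually needed.
rem start "to-M" plink -ssh -N -P 2222 -L 127.0.0.1:8443:10.30.1.6:443 -L 127.0.0.1:5900:10.30.1.6:5900 user@127.0.0.1
```

With the SOCKS variant, IE points at 127.0.0.1:8080 as in the original single-hop test. The host key presented on 127.0.0.1:2222 is E's, so it should be checked against E's fingerprint the first time.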
