Sounds like a good solution, but like the IPv6 it might not work.
On the desktop server we have Internet Explorer and Windows XP. I do have
admin rights there, but corporate policy limits what can be installed.

The first box that I wish to bounce my traffic off of is a Solaris
server, and I do not have admin rights on that server.  The Box on the
Extranet is a Linux server and I am root on that server.  Then finally
the management Module that runs a web server and provides a webmin/vnc
like feature that is run by Javascript is IBM code to monitor and manage
the blades in the blade center.  Nothing can be installed on the
management module since it is run by firmware.  The ports for remote
control can not be changed unless IBM recently updated that (because of
complaints I and others have made).

Blessed by the Security group from the corporate desktop with a
permanent lease is direct access to the management module (ports
80/443/1044/1045/5900).  But that does not help when I am connected to
the corporate VPN (1044/1045/5900 are restricted; if only I could make
that be port 8950 or something other than 5900 I would not have this
issue).

This is not something that I am trying to do to just bypass security, I
am trying to do this and have it blessed by the security group.
I also own only a few parts of the puzzle, and like my desktop I am
limited on what can be installed on the extranet server by corporate
policy.

--
Leif

On Mon, 2007-05-28 at 11:36 +0300, Ventsislav Genchev wrote:
> Hi Leif,
> 
> You didn't mention any operating system, but if you have a Linux-based
> box in the room you may try using a ppp over ssh vpn connection:
> 
> http://tldp.org/HOWTO/ppp-ssh/index.html
> 
> Of course this will be needed if only the 22nd port is accessible...
> Otherwise any other kind of tunneling will be easier to set up and
> manage.
> 
> Good luck,
> Ventsi
> 
> On 5/25/07, Leif Ericksen <[EMAIL PROTECTED]> wrote:
> > I have a need to securely pass traffic from a corporate Intranet server
> > to a server on the Extranet and in turn have that pass traffic to a
> > device on the Extranet/management net.
> >
> > GIVEN:
> > D = desktop 14.1.2.189
> > H = hop box  11.10.10.2
> > E = Extranet box 10.20.1.5
> > M = IBM Management module on the management network. 10.30.1.6
> >
> > A member of my team sneaked in a request that when we are on the CORP
> > VPN we have access to the Extranet server.  I hope this goes away soon,
> > but I have tested this and it works.
> >
> > using putty first on the desktop...   putty -D 8080 -P 22 -ssh E
> > I then configure IE to talk to a socks server on 8080 and I am able to
> > access M on ports (80/443, 1044, 1045, and 5900)
> >
> > now what I want to do is go D -> H ->L -> M
> >
> > What I have tried so far
> > - I configure a session to ssh from D to H on port 22
> > - in the tunnels section I select dynamic
> >    - port 8080
> >    - destination is set to H
> > I save that, make a connection, bring up IE, and run a test; my IP is now
> > reporting that of H rather than my desktop IP.
> >
> > After that I go back to putty and for the remote ssh command I have
> > tried
> > ssh -D 8080 E
> > ssh -N -D 8080 E
> >
> > So far no luck with the double hop or the double SOCKS.  I want to avoid
> > having any extra software installed if at all possible to make this
> > acceptable to my security group.  Is this something that I can do, or
> > will I have to get creative with the -L option (possibly -R as well as
> > -g ) so that I can move ports <1025 to that > 1025 so that I can do this
> > as a non-root user?
> >
> > Now I am not looking for the complete solution but a little direction to
> > solve the problem.  But if you want to give the solution that is ok as
> > well.  I may also suggest for security we just stop at H and go to M so
> > that we do not have unrestricted web access on D.
> >
> > --
> > Leif
> >
> >
> >
> 
