Good thoughts, BUT we have a little thing called corporate Policy, and unless even open source is approved we cannot put it on our servers without an exception process. As well, some points are that I do not own root or admin on all parts. Ideally we are to have the final two pieces of the puzzle on a network that is isolated from the Corporate network via a hop or jump box. Some folks have violated that and it is a matter of time before the ports are closed.

So we have this situation.

XP -> Corporate XP Desktop. I do have admin rights.
HOP -> This is the HOP box on Solaris. NO ADMIN rights there.
FW -> Firewall controlled by computer security.
BLADE -> This is one of 120 IBM blade servers; one interface talks to the hop box and the other blades, while the other interface is on the Internet.
MM -> This would be my Management Module (search on IBM.com for 8677 blade centers to learn more, or get me off the list).

This is what I have:

XP -> FW -> HOP -> FW -> BLADE -> MM

In PuTTY, set up an SSH connection to go to HOP. In Tunnels, set up the following:

  -L 443:localhost:1443
  -L 80:localhost:1180
  -L 1044:localhost:11044
  -L 1045:localhost:11045
  -L 5900:localhost:15900

Then, with PuTTY, in the SSH section you do the following under command line:

  ssh -NL 1443:MM:443 -L 1180:MM:80 -L 11044:localhost:1044 -L 11045:localhost:1045 -L 15900:MM:5900 BLADE

You now point your browser to localhost, but traffic is tunneled/encapsulated and redirected to MM.

The help that I received from Joseph Spenner, as well as some redirection from a person inside my company that IS Security brought in on this, resulted in the above solution. This solution works. It uses already approved software on the corporate network, stays within IS Security guidelines, and does not result in needing to request any new holes be punched into the firewall.

I will be glad to talk with anybody that wants to know more offline. If this list in general wants to know more I will keep discussion on the list.

Thank You for the suggestion.

--
Leif Ericksen

On Wed, 2007-06-06 at 15:00 +0300, Ventsislav Genchev wrote:
> Then, how about considering using openvpn, instead of some solution
> based on ssh? With openvpn you can build a client to server vpn
> connection and also define the port and even the protocol that will be
> used.
>
> The only thing that might bother you is that you'll need to install an
> openvpn tool for your Windows Desktop station.
>
> Check out: http://openvpn.net/
>
> Cheers,
> Ventsi

Remainder of the data stripped.
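An added example, not part of Leif's post or his setup: a small POSIX shell check that parses the two forwarding stages described above (the desktop-side PuTTY tunnels and the ssh command run on HOP) and confirms that the chain has no dead ends and that no forward binds to anything but loopback. It assumes both stages are written in OpenSSH `-L` syntax, as in the post, and only handles IPv4 bind addresses.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a two-stage SSH
# port-forward chain such as XP -> HOP -> BLADE -> MM.
# Stage 1 runs on the desktop (PuTTY tunnels), stage 2 runs on HOP.
# Each -L spec is [bind_address:]listen_port:target_host:target_port.

# Print the -L specs found in a command string, one per line.
forward_specs() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk '
        /^-[A-Za-z]*L$/ { want = 1; next }      # "-L" or bundled flags such as "-NL"
        want == 1       { print; want = 0; next }
        /^-L./          { print substr($0, 3) }  # "-L443:host:port" without a space
    '
}

# Return 0 when (a) no spec binds to a non-loopback address, so the tunnel
# entry points are not reachable from other hosts on the corporate network,
# and (b) every stage-1 target port is a stage-2 listen port, so nothing the
# desktop forwards to HOP ends in a dead port. Prints each problem found.
check_chain() {
    stage1_cmd=$1
    stage2_cmd=$2
    rc=0
    for spec in $(forward_specs "$stage1_cmd") $(forward_specs "$stage2_cmd"); do
        case $spec in
            *:*:*:*)                        # explicit IPv4 bind address present
                bind=${spec%%:*}
                case $bind in
                    localhost|127.0.0.1) ;;
                    *) echo "non-loopback bind: $spec"; rc=1 ;;
                esac ;;
        esac
    done
    for spec in $(forward_specs "$stage1_cmd"); do
        target_port=${spec##*:}
        found=0
        for s2 in $(forward_specs "$stage2_cmd"); do
            rest=$s2
            case $rest in *:*:*:*) rest=${rest#*:} ;; esac   # drop bind address
            [ "${rest%%:*}" = "$target_port" ] && found=1
        done
        [ "$found" -eq 1 ] || { echo "stage-1 target port $target_port has no stage-2 listener"; rc=1; }
    done
    return $rc
}
```

Run it as `check_chain "<stage-1 -L specs>" "<stage-2 ssh command>"`; a zero exit means both stages line up.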
