OK haven't actually tried this but quick scan of ssh manual seems to
indicate a way to do it.
Assuming FIRE and PC machines are linux and APP is whatever it should be as
easy as running on the PC machine:
ssh FIRE -L 6400:APP:6400
Once this connection is established, connecting to port 6400 on the local
PC would be actually connecting to APP:6400 over encrypted tunnel.
man ssh for more info. Especially the -L (or maybe -R) switches.
Hope this helps,
Dave.
--
David Zverina
Alt Key Pty. Ltd.
http://www.altkey.com
PO Box 3121, Parramatta, 2124, Australia
> -----Original Message-----
> From: Grant Street [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 12 January 2001 14:28
> To: 'David Zverina'; [EMAIL PROTECTED]
> Subject: RE: [SLUG] Port redirecting
>
>
>
> we sell a product that is developed in FRANCE so we do not have access to
> source.
>
> Essentially it has a "display layer" (true 3 tier) process that runs on the
> PC.
> It listens to PORT 6400 for display type commands. These commands are clear
> text.
> So eg "Display "Bloggs Fred" to name field" type commands (not actual syntax)
> are snoopable.
>
> Customers would like to run the app over the internet but would like
> encryption. We are using ssh's facilities to do this so that only a client
> ssh is needed on the PC.
>
> the big picture is
>
> ---------- ----------
> | | ssh | |
> | PC |6400 -----------localhost:16400| FIRE |
> | | | |
> ---------- ----------
> |IP:6400
> |
> |
> ----------
> | |
> | APP |
> | |
> ----------
>
> The application running on APP needs to communicate
> to the PC on port 6400 eventually.
>
> Grant Street
>
>
> > -----Original Message-----
> > From: David Zverina [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, 12 January 2001 13:59
> > To: Grant Street; [EMAIL PROTECTED]
> > Subject: RE: [SLUG] Port redirecting
> >
> >
> > % insmod /lib/modules/2.2.5-15/ipv4/ip_masq_portfw.o
> > % /usr/sbin/ipmasqadm portfw -a -P tcp -L FIRE_IP_ADDRESS 16400 -R
> > FIRE_IP_ADDRESS 6400
> >
> > -L means local address
> > -R means remote address
> >
> > remote address does not have to be on the firewall PC and could be another
> > PC behind the firewall if required. However I am bit puzzled by the need for
> > that kind of configuration. May be if you post more info about your
> > motivation, a better solution might appear.
> >
> > Cheers,
> >
> > Dave.
> >
> > --
> > David Zverina
> > Alt Key Pty. Ltd.
> > http://www.altkey.com
> > PO Box 3121, Parramatta, 2124, Australia
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Friday, 12 January 2001 13:15
> > To: [EMAIL PROTECTED]
> > Subject: [SLUG] Port redirecting
> >
> >
> > Hello all
> >
> > I have the following configuration
> >
> > ---------- ----------
> > | | ssh | |
> > | PC |6400 -----------localhost:16400| FIRE |IP:6400
> > | | | |
> > ---------- ----------
> >
> > I am initiating a ssh connection from the PC and the
> > firewall. The firewall has 2 network cards so the
> > sshd is listening on localhost:16400. I want it to
> > listen on IP:16400 or IP:6400.
> >
> > What is the best/easiest/general way of doing this
> > I'm trying to work out IP chains but I am getting lost...
> >
> > Your speedy response is appreciated :-)
> >
> > Searching is bringing up seemingly irrelevant stuff
> >
> >
> > Grant Street
> >
> >
> >
> > --
> > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> > More Info: http://slug.org.au/lists/listinfo/slug
> >
>
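Added example, not part of the original thread: a small Python model of how ssh's -L and -R forwarding specs decide which machine listens, on which address, and which machine opens the onward connection, using the PC, FIRE and APP names from the messages above. It assumes the semantics documented in current OpenSSH ssh(1) and sshd_config(5) (-g, GatewayPorts no/yes/clientspecified), which may differ from the 2001-era ssh the thread used; describe() and its result keys are hypothetical names.

```python
import re

# [bind_address:]port:host:hostport, the spec format given for -L and -R in ssh(1)
SPEC = re.compile(r"^(?:(?P<bind>\[[^\]]*\]|[^:\[\]]*):)?(?P<port>\d+):"
                  r"(?P<host>\[[^\]]+\]|[^:\[\]]+):(?P<hostport>\d+)$")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

def describe(flag, spec, gateway_ports="no", dash_g=False,
             client="PC", server="FIRE"):
    """Model one forward: who listens, on what address, who dials the target.

    client is where ssh runs, server is where sshd runs (names from the thread).
    gateway_ports is the sshd_config value on the server; dash_g is ssh -g.
    """
    m = SPEC.match(spec)
    if flag not in ("-L", "-R") or not m:
        raise ValueError(f"unsupported forward: {flag} {spec}")
    if gateway_ports not in ("no", "yes", "clientspecified"):
        raise ValueError(f"unknown GatewayPorts value: {gateway_ports}")
    bind, port, hostport = m["bind"], int(m["port"]), int(m["hostport"])
    if not (0 < port < 65536 and 0 < hostport < 65536):
        raise ValueError("port out of range")
    # An empty bind address or "*" both mean "all interfaces".
    explicit = None if bind is None else ("*" if bind in ("", "*") else bind)
    if flag == "-L":
        # Listener is on the ssh client: loopback unless -g or an explicit bind.
        addr = explicit or ("*" if dash_g else "localhost")
        listener, dialer = client, server
    else:
        # Listener is on the sshd host: its GatewayPorts setting has the last word.
        if gateway_ports == "yes":
            addr = "*"
        elif gateway_ports == "clientspecified" and explicit:
            addr = explicit
        else:
            addr = "localhost"
        listener, dialer = server, client
    return {"listener": listener, "listen": f"{addr}:{port}",
            "dialer": dialer, "target": f"{m['host']}:{hostport}",
            "reachable_from_other_hosts": addr not in LOOPBACK}

if __name__ == "__main__":
    # Constructed cases: the -L command from the reply, then -R variants that
    # match the "localhost:16400 on FIRE" situation in the first message.
    for args in [("-L", "6400:APP:6400"), ("-R", "16400:localhost:6400"),
                 ("-R", "*:16400:localhost:6400", "clientspecified")]:
        print(args, describe(*args))
```

Only the leg between PC and FIRE is carried inside the ssh session; the hop between the listener or dialer and the final target is ordinary TCP.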