[TriLUG] sftp/ssh to boxes behind a firewall
dbrain at gmail.com
Wed Apr 4 12:19:55 EDT 2007
Of course then you are exposing the ssh port on (another) internal box
to the outside.
I'd be a little cautious of doing this; my current setup has my
router redirecting ssh traffic to a somewhat hardened internal box,
which has fairly restrictive ingress/egress firewalling and also some
rules in place to prevent (or at least discourage) the perpetual
dictionary attacks against ssh on port 22. I'm not sure I'd want to
replicate & maintain this on an additional internal box if only
occasional access is required.
On 4/4/07, John F. Davis <davis at trilug.org> wrote:
> On Wed, Apr 04, 2007 at 08:16:06AM -0400, Roy Vestal wrote:
> > I'm looking for the best/easiest way to do this.
> > Currently, I ssh to machine 1, then have to ssh to machine 2. Is there
> > any way, using ssh to create a kind of tunnel like I can with vnc over
> Hello Roy,
> You can run ssh on the box behind the firewall on normal port. Simply
> add a firewall rule that redirects traffic from a nonstandard port to
> the box.
> i.e. port 2230 goes to ip x.x.x.30 port 22
> port 2231 goes to ip x.x.x.31 port 22
> Here is an example which routes telnet to a "server" which then forwards
> it to a "target".
> [0:0] -A PREROUTING -i ! eth1 -p tcp -m tcp --dport 6730 -j DNAT --to-destination 192.168.0.30:23
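As an added example (not part of the original thread): a small Python audit that parses DNAT rules in the iptables-save format quoted above and lists forwards that hand ssh or telnet on an internal host to any source address, which is the exposure the reply cautions about. Apart from the one rule quoted in the thread, the sample rules, addresses and function names are constructed for illustration.

```python
import shlex

LOGIN_PORTS = {22: "ssh", 23: "telnet"}   # remote-login services to flag
OPTS = {"-i": "in_if", "-s": "source", "--dport": "dport", "--to-destination": "to"}

# Constructed iptables-save excerpt: rule 1 is the one quoted in the thread, the rest are made up.
SAMPLE = """\
[0:0] -A PREROUTING -i ! eth1 -p tcp -m tcp --dport 6730 -j DNAT --to-destination 192.168.0.30:23
[0:0] -A PREROUTING ! -i eth1 -p tcp -m tcp --dport 2231 -j DNAT --to-destination 192.168.0.31:22
[0:0] -A PREROUTING -s 203.0.113.7/32 -p tcp -m tcp --dport 2232 -j DNAT --to-destination 192.168.0.32:22
[0:0] -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.40:80
"""

def parse_dnat_rules(dump):
    """Return one dict per '-A ... -j DNAT' rule in iptables-save text."""
    rules = []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("["):                 # drop "[pkts:bytes]" counters
            line = line.split("]", 1)[1]
        tok = shlex.split(line)
        if "-A" not in tok or "DNAT" not in tok:
            continue                             # table headers, COMMIT, other targets
        rule = dict.fromkeys(OPTS.values())
        negate, it = False, iter(tok)
        for t in it:
            if t == "!":                         # new style: ! -i eth1
                negate = True
                continue
            if t in OPTS:
                val = next(it, "")
                if val == "!":                   # old style: -i ! eth1
                    negate, val = True, next(it, "")
                rule[OPTS[t]] = ("!" if negate else "") + val
            negate = False
        rules.append(rule)
    return rules

def exposed_logins(dump):
    """Forwards to ssh/telnet on an internal host with no source restriction."""
    found = []
    for r in parse_dnat_rules(dump):
        host, _, port = (r["to"] or "").partition(":")
        port = port or r["dport"] or ""          # no port given: dport is kept
        if port.isdigit() and int(port) in LOGIN_PORTS and r["source"] is None:
            found.append((r["dport"], host, LOGIN_PORTS[int(port)]))
    return found

if __name__ == "__main__":
    print(exposed_logins(SAMPLE))
```

Feed it the output of `iptables-save -t nat` to see how many internal login services the router currently forwards without a source filter.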