[TriLUG] sftp/ssh to boxes behind a firewall

David Brain dbrain at gmail.com
Wed Apr 4 12:19:55 EDT 2007


Yes,

Of course then you are exposing the ssh port on (another) internal box
to the outside.

I'd be a little cautious of doing this; my current setup has my
router redirecting ssh traffic to a somewhat hardened internal box,
which has fairly restrictive ingress/egress firewalling and also some
rules in place to prevent (or at least discourage) the perpetual
dictionary attacks against ssh on port 22.  I'm not sure I'd want to
replicate & maintain this on an additional internal box if only
occasional access is required.

David.


On 4/4/07, John F. Davis <davis at trilug.org> wrote:
> On Wed, Apr 04, 2007 at 08:16:06AM -0400, Roy Vestal wrote:
> > I'm looking for the best/easiest way to do this.
> >
>
> > Currently, I ssh to machine 1, then have to ssh to machine 2. Is there
> > any way, using ssh to create a kind of tunnel like I can with vnc over
>
>
> Hello Roy,
>
> You can run ssh on the box behind the firewall on the normal port.  Simply
> add a firewall rule that redirects traffic from a nonstandard port to
> the box.
>
> i.e. port 2230 goes to ip x.x.x.30 port 22
>      port 2231 goes to ip x.x.x.31 port 22
>
> etc.
>
> Here is an example which routes telnet to a "server" which then forwards
> it to a "target".
>
> [0:0] -A PREROUTING -i ! eth1 -p tcp -m tcp --dport 6730 -j DNAT --to-destination 192.168.0.30:23
>
>
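Added example, not part of the original thread: a small audit that reads a ruleset in iptables-save format and lists every DNAT rule that hands an outside port to ssh or telnet on an internal box, which is the exposure discussed above. The sample ruleset is constructed (only its first rule is the one quoted in the thread), and the function names are hypothetical.

```python
import shlex

# Constructed sample in iptables-save format. The first rule is the one quoted
# in the thread; the remaining rules and addresses are made up for illustration.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -i ! eth1 -p tcp -m tcp --dport 6730 -j DNAT --to-destination 192.168.0.30:23
[0:0] -A PREROUTING ! -i eth1 -p tcp -m tcp --dport 2231 -j DNAT --to-destination 192.168.0.31:22
[0:0] -A PREROUTING -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.32
[0:0] -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.40:80
COMMIT
"""

LOGIN_PORTS = {"22": "ssh", "23": "telnet"}

def option(tokens, flag):
    """Return the value after flag, skipping an old-style '!' negation marker."""
    if flag not in tokens:
        return None
    i = tokens.index(flag) + 1
    if i < len(tokens) and tokens[i] == "!":
        i += 1
    return tokens[i] if i < len(tokens) else None

def exposed_logins(ruleset):
    """List DNAT rules that forward to ssh/telnet on an internal host."""
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0].startswith("["):    # drop "[pkts:bytes]" counters
            tokens = tokens[1:]
        if tokens[:1] != ["-A"] or option(tokens, "-j") != "DNAT":
            continue
        dport = option(tokens, "--dport")
        host, _, port = (option(tokens, "--to-destination") or "").partition(":")
        port = port or dport            # no port given: DNAT keeps the original one
        if port in LOGIN_PORTS:
            findings.append({
                "outside_port": dport,
                "inside": f"{host}:{port}",
                "service": LOGIN_PORTS[port],
                # A negated -s also counts as restricted here; review those by hand.
                "source_restricted": "-s" in tokens or "--source" in tokens,
            })
    return findings

if __name__ == "__main__":
    for f in exposed_logins(SAMPLE):
        scope = "source-restricted" if f["source_restricted"] else "open to any source"
        print(f"{f['outside_port']}/tcp -> {f['inside']} ({f['service']}), {scope}")
```

Run it against the output of `iptables-save -t nat` on the router to see which forwards would each need their own hardening.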
