Accepting inbound SSH for further forward

bluepolo

Hi everyone,

I'm a relative newbie, so be kind to me :)

I have been asked if it is possible to join 2 networks using SSH between 2 bridgehead machines.

Basically, creating an SSH tunnel between a local machine and a remote server is easy, but is there a way to allow that local machine to accept inbound connections which then get forwarded on?

We would like to do this for AFP and IMAP.

TIA

BP
 
You cannot easily connect two subnets using ssh, but you could connect to an ssh server and forward to your mail server.

Code:
 ssh -L 2222:your.imap.server:143 youraccount@your.ssh.server

Assuming your IMAP server is running on 143, you could then connect to it from port 2222 on the local gateway. (Depending upon security on your local gateway you might be able to set the local port to 143 instead of 2222.)

You can use the same command to forward AFP to a single remote server, but not the entire subnet. Forwarding AFP to the entire remote subnet is not as easy. The only way I know of to accomplish this with SSH would be to tunnel PPP through SSH, which is not the easiest thing to set up. Someone else might have an easier solution.

To truly connect your 2 subnets you should use a VPN solution though. I would suggest IPSEC over L2TP but that is not trivial to set up either. PPTP should work as well and is easier to set up, but not as reliable in my experience if the tunnel is persistent. For an hour or two at a time it should be fine though.

Setting up IPSEC is beyond what I would try to do using forum messages, but a little googling for "IPSEC", "PPTP", or "SSH PPP" should lead you in the right direction. Just being curious, what platform are your two gateway machines?
 
All machines in office A are OSX, in office B they are split OSX/Windoze, but at both sites the server is OSX.

I have a partial answer from using Tunnel Manager. It has an 'allow remote connections to local ports' tick box, and using this gains me a partial answer, because now users in A can connect to their local server on, say, 5480 and it'll be forwarded to server B on 548.

Not sure how to do this for SMB though. I would need to forward 139 (I think), but if the server at B already runs SMB it needs 1239 already.

Getting there...

BP
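The "accept inbound, then forward" behaviour asked about at the top, and the tick box in the follow-up, both come down to which address the listener binds; as an added example (not code from this thread, from ssh or from Tunnel Manager), here is a small Python TCP relay that does what the gateway end of `ssh -L [bind_address:]port:host:hostport` does, minus the encrypted hop. Binding 127.0.0.1 keeps the forward usable only from the gateway itself, while 0.0.0.0 (ssh's `-g` / `GatewayPorts`) exposes it to every host that can reach the gateway, so pair that with a firewall rule limiting it to the office LAN. The echo service is a constructed stand-in for the remote AFP/IMAP daemon; nothing here talks to a real server.

```python
import socket
import threading

def _pump(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _serve(bind_addr, port, handler):
    """Listen on bind_addr:port, one thread per client; return the bound port."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind((bind_addr, port))
    lsock.listen(16)
    def loop():
        while True:
            conn, _ = lsock.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return lsock.getsockname()[1]  # real port, even when 0 was requested

def start_forward(bind_addr, local_port, rhost, rport):
    """What the gateway does for `ssh -L bind:lport:rhost:rport` (minus crypto).
    bind '127.0.0.1': only the gateway itself can use the forward (ssh default);
    bind '0.0.0.0': any host that can reach the gateway (ssh -g / the tick box)."""
    def relay(client):
        with client, socket.create_connection((rhost, rport)) as upstream:
            back = threading.Thread(target=_pump, args=(upstream, client))
            back.start()
            _pump(client, upstream)  # client -> remote service
            back.join()              # wait for remote service -> client
    return _serve(bind_addr, local_port, relay)

def roundtrip(payload, bind_addr="127.0.0.1"):
    """Push payload through a forward to a constructed echo stand-in for the
    remote AFP/IMAP daemon and return what the client gets back."""
    echo_port = _serve("127.0.0.1", 0, lambda c: _pump(c, c))  # not a real daemon
    lport = start_forward(bind_addr, 0, "127.0.0.1", echo_port)
    with socket.create_connection(("127.0.0.1", lport)) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: c.recv(4096), b""))
```

The ssh equivalent for the AFP case in the follow-up is `ssh -N -L 0.0.0.0:5480:serverB:548 user@gatewayB` (host names are placeholders).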
 