Hi,
On Wed, 24 Nov 2010, Brendan Halpin wrote:
> I have two machines, A in the DMZ and B in the protected part of the
> network.
>
> B can see A, but A can't see (ping, etc) B unless B has initiated a
> connection (e.g., A can respond to B's HTTP requests).
>
> Is there a secure way to make a more general connection from B to A so
> that A can "see" B in a wider sense (ssh from A to B, read B-mounted
> samba share from A, etc.).

You can start an SSH connection from B->A and forward specific ports from the
localhost on A to the real ports on B, though that may get a little messy,
eg.

    B# ssh -R 10022:localhost:22 -R 10445:localhost:445 A

    A# ssh -p 10022 localhost

will connect to B

    A# smbclient -p 10445 localhost

will connect to samba on B

You can use the standard port (eg 22 for ssh), but not if A already listens
on that port (and ssh must run as root).
It might be tidier to look at the ssh-based VPN (see the ssh man page)
which will create a little VPN between the two over SSH. You could use a
script to maintain the ssh connection, or possibly use autossh. I haven't
done this much myself but the man page has very specific examples.
Gavin
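
One way to write the "script to maintain the ssh connection" mentioned above, run on B. This is an added example, not part of Gavin's message; it assumes the host alias "A", the ports 10022/10445 used above, and key-based login so it can reconnect unattended. The function names are hypothetical. The forwards are bound to A's loopback only, so anyone with a shell on A can reach B's sshd and samba but other DMZ hosts cannot.

```shell
#!/bin/sh
# Added example: keep the B->A reverse tunnel up. Run on B.
# Assumed: host alias "A" and remote ports 10022/10445, as in the message.
REMOTE_HOST="${REMOTE_HOST:-A}"

# Print the ssh arguments one per line so they can be inspected or logged.
tunnel_args() {
    # -N                    no remote command, the session only carries forwards
    # ExitOnForwardFailure  exit instead of staying connected with no listener
    # ServerAlive*          notice a dead link after roughly 90 seconds
    # 127.0.0.1:...         ask A to bind the forwarded ports on loopback only
    printf '%s\n' \
        -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R 127.0.0.1:10022:localhost:22 \
        -R 127.0.0.1:10445:localhost:445 \
        "$REMOTE_HOST"
}

# Next reconnect delay in seconds: double the current one, capped at 300.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 300 ]; then d=300; fi
    echo "$d"
}

# Reconnect loop with backoff, so a broken A is not hammered with logins.
maintain_tunnel() {
    delay=5
    while :; do
        start=$(date +%s)
        # Unquoted on purpose: the arguments contain no whitespace.
        ssh $(tunnel_args) || true
        # A session that lasted over a minute resets the backoff.
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=5; fi
        echo "tunnel to $REMOTE_HOST closed, retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start the loop only when invoked as: sh tunnel.sh run
if [ "${1:-}" = "run" ]; then maintain_tunnel; fi
```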