Greg/Charles, that was a really good HOWTO you just wrote. I wish you had done it a few days ago :-)

I spent the last few months puzzling out how to do exactly what you just described. Just yesterday I attained my 'holy grail' of networking which was to click'n'drag files from my Windoze workstation at work to my Linux workstation behind EigerStein2B4 at home. I use Secure iXplorer (www.i-tree.org) on the Windoze machine, which works well with the Putty programs. It's a GUI front end for the Putty Secure Shell Copy (PSCP) program. If anyone needs to see details of the setup, drop me a line.

I guess I need a new holy grail now. (I already got VNC working, too, but my upload speed at home is only 90KB which makes for really slow screen updates.) Any suggestions for a new grail?

-John

--- Greg Morgan <[EMAIL PROTECTED]> wrote:
> "Henning, Brian" <[EMAIL PROTECTED]> wrote:
> >
> > hello-
> >
> > I am using echowall on dachstein LRP. I have a windows 2k pro machine that i
> > can ssh into from the outside. i am also running an http server on my w2k
> > machine. I am port forwarding ssh through my router/firewall. My problem is
> > I am not sure how to tunnel the http to the *outside world*. I am not sure
> > if it is possible. Any thoughts or suggestions?
> >
> > thanks
> >
> > brian
> >
>
> Charles gave you the answer to this before, but if you are coming from a
> windows world it may not make sense. I attached his original post at the
> end of this message. Here's what I'll presume about you. You are on a
> windows client at work or somewhere else connecting to your LEAF box.
> As you described you have a Windows 2000 box with a web page you want to
> see. There are a lot of things to keep straight in one's mind when you
> start playing with port forwarding and SSH. In short, you are not
> trying to "tunnel the http to the *outside world*" but you tell your
> clients how to tunnel to the service.
>
> First off think of your LEAF box as just a patch cord. You have taken a
> cord and plugged it into a receptacle named 22 available to the rest of
> the world. The other end of the cord has been plugged into 22 on your
> W2K box. That's all port forwarding does in LEAF. LEAF is completely
> out of the picture now. All that it is is a pipe for data to flow
> over. You have successfully done that as you describe above.
>
> Now let's talk about the magic of SSH. SSH is one protocol. It allows
> a person to set up an encrypted link between two computers. Typically, a
> telnet like feature is used within the SSH suite to talk to another
> server and run commands on it. Ahhhh but there are a few more tricks up
> SSH's sleeve. SSH allows you to build other pipes within the port 22
> pipe. This is normally referred to as tunneling. Within the port 22
> pipe you can create multiple tunnels. For example I have both regular
> SSH and web tunneled to a windows machine. I created these tunnels to
> try and explain what you'll need to do. If I wanted to ftp through SSH,
> then you could add this too. Name a protocol and try it. You are
> really just redirecting a port that the protocol normally uses on your
> localhost to the desired port on your server.
>
> There are several SSH packages for Windows. I'll describe putty. You
> will need version 0.52. My prior version, 0.51, did not have the
> features to perform the tasks you're asking for. (And yes I upgraded
> today to try it out. :) )
>
> "A.8.8 How do I pronounce PuTTY?
> "Exactly like the normal word "putty". Just like the stuff you put on
> window frames. (One of the reasons it's called PuTTY is because it makes
> Windows usable. :-)
> http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html
>
> Download the executables from
> http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. You
> will want plink.exe especially. plink is short for putty link. You
> will want to set up your private key on the windows client computer that
> attaches to LEAF.
>
> plink.exe takes the SSH part and simplifies building tunnels within the
> port 22 pipe on a Windows PC. I have a Samba Server on a Linux box that
> acts like your W2K box. I used a windows PC with putty and plink to
> connect to it. Here's the command I used where
>
>     myLEAFipAddress is the address to LEAF performing port forwarding.
>     myuser is the userid on the W2K box.
>     myW2kboxIPorName is the ip or name of your W2k box. You would need
>         to add the name in c:\windows\host file for a server name to work.
>
>     plink -L 80:myLEAFipAddress:80 myuser@myW2kboxIPorName
>
> This establishes the tunnel. I do not have a web server on my windows
> PC. However, when I use
>
>     http://localhost/
>
> in the web browser, I see what my Apache server is providing me.
> Remember port 80 is the default port used by browsers i.e.
> http://localhost/ is the same as http://localhost:80/. SSH through
> plink is creating a tunnel to my local machine or a secure patch cord.
> plink forwards whatever connects on my local windows box at port 80 to
> the other server on port 80. You have to just believe this until it
> makes sense. Also note the localhost is the name for ip address
> 127.0.0.1. Every networking host has this available to it.
>
> Perhaps the -L 80:myLEAFipAddress:80 is confusing because the command is
> using the same port numbers on both ends of the pipe or tunnel. Let's
> try this since I am putting off filling out my 1040 tax forms >:}
>
>     plink -L 1040:myLEAFipAddress:80 myuser@myW2kboxIPorName
>
> Now use
>
>     http://localhost:1040/
>
> in the web browser. Once again I see the pages Apache is serving up to
> me. If you will, plink makes a web server available on your client
> windows PC. Without plink forwarding the web server over SSH to the
> windows client, you would receive the typical 404 http error message.
>
> Note that SSH is a server process in this configuration. If you need
> two way communication that is where both ends of the tunnel need to
> perform peer tasks, then you will want to investigate CIPE. CIPE
> specializes in the tunneling that SSH does and sometimes has problems
> doing http://sites.inka.de/~bigred/devel/tcp-tcp.html.
> The main CIPE site is at http://sites.inka.de/~bigred/devel/cipe.html.
>
> I hope this helps. I had fun exploring it for you and others that may
> need this technique. I have not had the need to do this yet but it was
> interesting exploring it.
>
> Regards,
> Greg Morgan
>
> This information may be helpful even though it talks about using the
> putty client and not plink.
>
> http://www.chiark.greenend.org.uk/~sgtatham/putty/0.52/puttydoc.txt
>
>   3.5 Using port forwarding in SSH
>
>        The SSH protocol has the ability to forward arbitrary network
>        connections over your encrypted SSH connection, to avoid the
>        network traffic being sent in clear. For example, you could use
>        this to connect from your home computer to a POP-3 server on a
>        remote machine without your POP-3 password being visible to
>        network sniffers.
>
>        In order to use port forwarding to connect from your local
>        machine to a port on a remote server, you need to:
>
>        - Choose a port number on your local machine where PuTTY should
>          listen for incoming connections. There are likely to be plenty
>          of unused port numbers above 3000.
>
>        - Now, before you start your SSH connection, go to the Tunnels
>          panel (see section 4.17.2). Make sure the `Local' radio button
>          is set. Enter the local port number into the `Source port'
>          box. Enter the destination host name and port number into the
>          `Destination' box, separated by a colon (for example,
>          `popserver.example.com:110' to connect to a POP-3 server).
>
>        - Now click the `Add' button. The details of your port
>          forwarding should appear in the list box.
>
>        Now start your session and log in. (Port forwarding will not be
>        enabled until after you have logged in; otherwise it would be
>        easy to perform completely anonymous network attacks, and gain
>        access to anyone's virtual private network). To check that PuTTY
>        has set up the port forwarding correctly, you can look at the
>        PuTTY Event Log (see section 3.1.3.1). It should say something
>        like this:
>
>          2001-12-05 17:22:10 Local port 3110 forwarding to popserver.example.com:110
>
>        Now if you connect to the source port number on your local PC,
>        you should find that it answers you exactly as if it were the
>        service running on the destination machine. So in this example,
>        you could then configure an e-mail client to use
>        `localhost:3110' as a POP-3 server instead of
>        `popserver.example.com:110'. (Of course, the forwarding will
>        stop happening when your PuTTY session closes down.)
>
>        You can also forward ports in the other direction: arrange for a
>        particular port number on the _server_ machine to be forwarded
>        back to your PC as a connection to a service on your PC or near
>        it. To do this, just select the `Remote' radio button instead of
>        the `Local' one. The `Source port' box will now specify a port
>        number on the _server_ (note that most servers will not allow
>        you to use port numbers under 1024 for this purpose).
>
>        The source port for a forwarded connection usually does not
>        accept connections from any machine except the SSH client or
>        server machine itself (for local and remote forwardings
>        respectively). There are controls in the Tunnels panel to change
>        this:
>
>        - The `Local ports accept connections from other hosts' option
>          allows you to set up local-to-remote port forwardings in such
>          a way that machines other than your client PC can connect to
>          the forwarded port.
>
>        - The `Remote ports do the same' option does the same thing for
>          remote-to-local port forwardings (so that machines other than
>          the SSH server machine can connect to the forwarded port.)
>          Note that this feature is only available in the SSH 2
>          protocol, and not all SSH 2 servers support it (OpenSSH 3.0
>          does not, for example).
>
>
> >> This might seem like a silly question but, here it goes anyway. Is it
> >> possible to tunnel http through ssh on port 22 and access a website from
> >> outside the local network?
> >
> >Absolutely! Run something like the following on your local system (use
> >cygwin on a windows box)
> >
> >ssh -L 80:<remote IP or domain>:80 <remote system> -l <remote-user-name>
> >
> >This will connect your local port 80 to port 80 on <remote IP or domain> via
> >an ssh connection to <remote system>.
> >
> >To access the remote website, just go to http://localhost , or
> >http://127.0.0.1
> >
> >Charles Steinkuehler
> >http://lrp.steinkuehler.net
> >http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
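
Added example, not part of the thread and not code from PuTTY or OpenSSH: a shell function that splits a "-L" forwarding spec like the ones quoted above into its listening end and its destination end, and flags a privileged listening port or a listener that other hosts can reach. The function names and note labels are made up for illustration, and it assumes host names or IPv4 addresses only.

```shell
#!/bin/sh
# Added example (not from the thread): explain an ssh/plink "-L" spec.
# Forms handled (host names or IPv4 only, no bracketed IPv6):
#   listen_port:dest_host:dest_port
#   bind_addr:listen_port:dest_host:dest_port

# True when $1 is a decimal TCP port in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints "listen=ADDR:PORT dest=HOST:PORT notes=LIST"; returns 1 if malformed.
describe_forward() {
    old_ifs=$IFS; IFS=:; set -f
    set -- $1                       # split the spec on ':'
    set +f; IFS=$old_ifs
    case $# in
        3) bind=127.0.0.1; lport=$1; dhost=$2; dport=$3 ;;  # default: loopback
        4) bind=$1; lport=$2; dhost=$3; dport=$4 ;;
        *) echo "malformed spec" >&2; return 1 ;;
    esac
    if ! is_port "$lport" || ! is_port "$dport" || [ -z "$dhost" ]; then
        echo "malformed spec" >&2; return 1
    fi
    notes=
    # Listening below 1024 needs root on Unix-like clients and can clash with
    # a local service; the thread's 1040 example avoids both.
    [ "$lport" -lt 1024 ] && notes="$notes,privileged-listen-port"
    # A wildcard bind lets other machines on the client's LAN use the tunnel.
    case "$bind" in
        ''|'*'|0.0.0.0) notes="$notes,open-to-other-hosts" ;;
    esac
    # dest_host is resolved by the SSH server, so "localhost" is the server.
    case "$dhost" in
        localhost|127.*) notes="$notes,dest-is-ssh-server-itself" ;;
    esac
    notes=${notes#,}
    echo "listen=${bind:-0.0.0.0}:$lport dest=$dhost:$dport notes=${notes:-none}"
}

# Specs from the thread and the quoted manual, plus one constructed wildcard bind.
for s in 80:myLEAFipAddress:80 1040:myLEAFipAddress:80 \
         3110:popserver.example.com:110 0.0.0.0:8080:localhost:80; do
    describe_forward "$s"
done
```
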
