Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-27 Thread Josh Rehman
On 5/23/05, Josh Rehman [EMAIL PROTECTED] wrote:
On 5/23/05, André Carezia [EMAIL PROTECTED] wrote:


No. Look for AllowTcpForwarding in /etc/ssh/sshd_config.
I don't have permission to read that file - I'll contact the sysadmin. Thanks.
Turns out that my hosting service has disallowed usage of TCP
forwarding for security concerns. Not sure what those concerns are. I
may still be able to get them to turn it on though.
André, your help was great - I wouldn't have known what to ask without you. Thanks again.

-- 
It seemed to them that they did little but eat and drink and rest,
and walk among the trees; and it was enough.
- J.R.R. Tolkien, The Lord of the Rings, The Mirror of Galadriel


Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-23 Thread André Carezia
Josh Rehman wrote:

 On 5/22/05, *André Carezia* [EMAIL PROTECTED] wrote:

 ssh -R 8080:localhost:80 [EMAIL PROTECTED]


 My apologies, I should have mentioned that that was what I tried. Here
 is the result:

 external$ telnet localhost 8080

You can't connect directly from an external address. You have to connect to
the web server (on another port) and use ProxyPass to port 8080.

-- 
André Carezia
Eng. de Telecomunicações
Carezia Consultoria - www.carezia.eng.br



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-23 Thread Laurent CARON

Josh Rehman wrote:

On 5/22/05, *André Carezia* [EMAIL PROTECTED] wrote:


ssh -R 8080:localhost:80 [EMAIL PROTECTED]


My apologies, I should have mentioned that that was what I tried. Here 
is the result:


external$ telnet localhost 8080
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused



try telnet host 8080

not localhost






Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-23 Thread André Carezia
Josh Rehman wrote:

 [...]
 Does mod_proxy have some sort of privileged access to ssh tunnels?
 Are you saying that my simple telnet test cannot work ever?

Please send your replies to the list.

 internal$ [start server on 8080]
 internal$ [make sure server is listening]
 internal$ ssh -R 8080:localhost:8080 [EMAIL PROTECTED]
 external$ telnet localhost 8080
 Connection Refused...

It should work. Must be some non-default configuration in your provider.

-- 
André Carezia
Eng. de Telecomunicações
Carezia Consultoria - www.carezia.eng.br






Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-23 Thread Josh Rehman
On 5/23/05, André Carezia [EMAIL PROTECTED] wrote:
Josh Rehman wrote:
 [...]
 Does mod_proxy have some sort of privileged access to ssh tunnels?
 Are you saying that my simple telnet test cannot work ever?

Please send your replies to the list.

Of course. Gmail Reply does not work correctly with this list, apparently. I should have checked it.

 internal$ [start server on 8080]
 internal$ [make sure server is listening]
 internal$ ssh -R 8080:localhost:8080 [EMAIL PROTECTED]
 external$ telnet localhost 8080
 Connection Refused...

It should work. Must be some non-default configuration in your provider.

I agree. However I'm not sure how to look deeper into my provider's
configuration. I'm thinking that some usage of either ps or netstat
could tell me what's going on.

Thanks for your kind help.
 


Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-23 Thread André Carezia
Josh Rehman wrote:

 [...]
 I agree. However I'm not sure how to look deeper into my provider's
 configuration. I'm thinking that some usage of either ps or netstat
 could tell me what's going on.

No. Look for AllowTcpForwarding in /etc/ssh/sshd_config.

-- 
André Carezia
Eng. de Telecomunicações
Carezia Consultoria - www.carezia.eng.br
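
The check suggested above, as an added example that is not part of the original thread: a POSIX shell sketch that reads an sshd_config and reports whether a `ssh -R` request would be honoured and where the forwarded port would bind. The function names and the sample file are constructed for illustration; only the global section (before the first Match block) is evaluated.

```sh
#!/bin/sh
# Added example. Read the global section of an sshd_config on stdin and print
# the value sshd would use for keyword $1 (default $2 if it is never set).
sshd_global_value() {
    awk -v key="$1" -v dflt="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)    # "Key=value" is also accepted
            n = split(line, f, /[ \t]+/)
            kw = tolower(f[1])                 # keywords are case-insensitive
            if (kw == "match") exit            # Match blocks are conditional
            if (kw == key && n >= 2) { val = f[2]; exit }   # first value wins
        }
        END { print (val != "" ? val : dflt) }'
}

# "refused" if remote forwarding is off, otherwise the GatewayPorts setting
# that decides whether the forwarded port binds to loopback only ("no").
reverse_forward_verdict() {
    cfg=$(cat)
    fwd=$(printf '%s\n' "$cfg" | sshd_global_value AllowTcpForwarding yes)
    gw=$(printf '%s\n' "$cfg" | sshd_global_value GatewayPorts no)
    case "$fwd" in
        yes|all|remote) echo "allowed gatewayports=$gw" ;;
        *)              echo "refused" ;;
    esac
}

# Constructed sample, not the hosting provider's real file.
sample_sshd_config() {
    cat <<'EOF'
# shared hosting policy
Port 22
allowtcpforwarding no
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding remote
EOF
}

sample_sshd_config | reverse_forward_verdict
```

With root on the server, `sshd -T` prints the effective settings including defaults, which also covers anything set inside Match blocks.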






Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-23 Thread Josh Rehman
On 5/23/05, André Carezia [EMAIL PROTECTED] wrote:

No. Look for AllowTcpForwarding in /etc/ssh/sshd_config.
I don't have permission to read that file - I'll contact the sysadmin. Thanks.
 


HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-22 Thread Josh Rehman
I would like to expose a web server running on a personal laptop
elegantly and securely. This laptop is not always connected at the
same point, so a static IP will not do. I am also familiar with
dynamic DNS; however, my laptop will sometimes be behind firewalls over
which I have no control.

A solution which I believe is quite elegant involves ssh'ing from the
laptop to my external, statically IP'd host. I would then need to
notify the externally running httpd that a tunnel is now available,
and then use something like the ProxyPass directive to seamlessly
forward client requests to the laptop.

So far I have been unsuccessful in getting this to work - using wget
on the external server I get a connection refused. I have found a
variety of web sites on mod_proxy, ssh tunneling. I have even found
some sites that describe (sort of) how to proxy over a tunnel
initiated by the external host.

It would be handy to know how to do some low-level network
troubleshooting. I am familiar with netstat but I'm not sure what I'm
looking for. The external host should have local port 8080 open.
Somehow, sshd causes this to happen when ssh connects with certain
command line parms. I'm not sure how to check this apart from
connecting and running wget http://localhost:8080 and hoping it hits
my laptop.

If this works, I think the method would be very useful for many debian
users wanting to expose their own services behind an inexpensive web
hosting provider. The benefits over DDNS are several.

Kind regards,
Josh

-- 
It seemed to them that they did little but eat and drink and rest,
and walk among the trees; and it was enough.
- J.R.R. Tolkien, The Lord of the Rings, The Mirror of Galadriel
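
What to look for in the netstat output on the external host, as an added example that is not part of the original thread: a POSIX shell sketch that classifies the listener for the port given to `ssh -R`. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example. Classify who can reach a forwarded port on the external host.
# stdin: output of `netstat -ltn` or `ss -ltn` (local address is field 4 in both)
# $1:    the port given to `ssh -R`, e.g. 8080
listener_scope() {
    awk -v port="$1" '
        /LISTEN/ && $4 ~ (":" port "$") {
            addr = $4
            sub(":" port "$", "", addr)     # drop the ":port" suffix
            gsub(/\[|\]/, "", addr)         # ss prints IPv6 as [::1]:8080
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") wide = 1
            else if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else other = addr
        }
        END {
            if (wide)             print "all-interfaces"
            else if (other != "") print "other:" other
            else if (loop)        print "loopback"
            else                  print "none"
        }'
}

# Constructed sample: what netstat shows while an accepted
# `ssh -R 8080:localhost:80` session is up (sshd default GatewayPorts no).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:8080                :::*                    LISTEN
EOF
}

sample_netstat | listener_scope 8080
```

A result of `none` while the ssh session is connected means sshd did not set up the forward; `loopback` means only processes on the external host itself, such as an httpd using ProxyPass, can reach the tunnel.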



Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-22 Thread André Carezia
Josh Rehman wrote:

A solution which I believe is quite elegant involves ssh'ing from the
laptop to my external, statically IP'd host. I would then need to
notify the externally running httpd that a tunnel is now available,
and then use something like the ProxyPass directive to seamlessly
forward client requests to the laptop.
  

ssh -R 8080:localhost:80 [EMAIL PROTECTED]

-- 
André Carezia
Eng. de Telecomunicações
Carezia Consultoria - www.carezia.eng.br






Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-22 Thread Josh Rehman
On 5/22/05, André Carezia [EMAIL PROTECTED] wrote:

ssh -R 8080:localhost:80 [EMAIL PROTECTED]

My apologies, I should have mentioned that that was what I tried. Here is the result:

external$ telnet localhost 8080
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

I tried with and without compression and trying some other options. I'm
not sure how to troubleshoot past this. I suspect I could glean some
information from either sshd or stunnel or perhaps the netstat output
but I am at a loss.


Re: HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

2005-05-22 Thread Josh Rehman
I also tried other ports but without success.

-- 
It seemed to them that they did little but eat and drink and rest,
and walk among the trees; and it was enough.
- J.R.R. Tolkien, The Lord of the Rings, The Mirror of Galadriel