First, thanks to everyone who's taken the time to offer suggestions!
Brian,
You're correct, I'm simply looking for a single port (two, actually) to be
forwarded, not all a la a VPN. Specifically, I'm looking to leverage the port
forwarding capabilities of ssh to map all incoming Internet traffic to a
single "source" IP in order to tunnel through an intermediate layer
firewall. In fact, I don't even need the encryption, as the incoming
streams are already encrypted...
We use SSH (from F-Secure) for shell sessions to our Solaris boxes already,
and we do set up occasional tunnels for administrative purposes. That's why
I was looking to SSH to provide the port forwarding capability. Coaxing the
desired capability out of the SSH software is preferable, since it's already
installed and supported by our datacenter.
If this can't be done, can stunnel be used without the encryption
capabilities?
- N.
----- Original Message -----
From: "Brian Hatch" <[EMAIL PROTECTED]>
To: "Neal Ruskin" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 17, 2000 10:49 PM
Subject: Re: "permanent" tunnel ??
> Does anyone know how to set up a "permanent" tunnel -- specifically, we want
> to create a tunnel that is always up. Can the ssh server daemon be
> configured to start and maintain a tunnel? If not, does anyone have a
> suggestion as to how to accomplish this?
If you are looking for 1 port (rather than all of them, which is
what would be provided by a VPN as suggested by others) I suggest
you simply look at stunnel or sslwrap -- ssl wrappers that will
do simple encrypted port forwarding like ssh's, however they
run out of inetd or in daemon mode, thus they're not tied to
a specific ssh logon.
--
Brian Hatch                 What do you want?
Systems and                 Who are you?
Security Engineer           Why are you here?
http://www.stunnel.org/
Every message PGP signed