Monday, August 02, 2004

Linux Tunneling

Some notes about using SharcNet nodes with ssh/tunneling.

Linux Tunneling
If the POP3 server also runs sshd:
% ssh -f -N -L 1234:localhost:110 user@POP3_server
% telnet localhost 1234
Access a web server behind a firewall if the web server host is accessible through ssh:
% ssh -L 8080:localhost:80 129.100.19.33
When there is an ssh gateway such as gate.csd.uwo.ca:
% ssh -f -N -L 5678:129.100.19.34:80 huang@gate.csd.uwo.ca
% telnet localhost 5678   # or open the website at http://localhost:5678
Linux Reverse ssh tunnel
When only 129.100.19.34 can ssh to cat.sharcnet.ca:
% ssh -R 5678:localhost:22 cat.sharcnet.ca
Then, on cat, ssh back to 129.100.19.34: % ssh -p 5678 localhost
script:
#!/bin/sh
# $COMMAND creates the reverse ssh tunnel
COMMAND='ssh -N -R 5678:localhost:22 cat.sharcnet.ca'
# Is the tunnel up? (list every process's full command line and look for ours)
CHECK_TUNNEL=`ps -eo args | grep "$COMMAND" | grep -v grep`
# If the tunnel is not up, create the tunnel
if [ -z "$CHECK_TUNNEL" ] ; then
    $COMMAND
fi
Make 129.100.19.33 web service accessible via 129.100.19.34:
(in 129.100.19.34) % ssh -fNR 8080:129.100.19.33:80 cat.sharcnet.ca
(in cat.sharcnet.ca) http://localhost:8080/a.html
Remote X tips (if ssh -X does not work):
1. Disable firewall: # /etc/init.d/iptables stop
2. Run: % ssh -R 6001:localhost:6000 huang@labmachine
3. After logon: % export DISPLAY=":1"
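
The script above finds its tunnel by grepping `ps` output; the same listing can be used to inventory every forward a machine has open and which side listens. This is an added example, not part of the original notes: scan_ssh_forwards is a hypothetical helper, the sample lines are constructed from the commands in these notes, and it assumes hostname or IPv4 forward specs (no bracketed IPv6 addresses or socket paths).

```shell
#!/bin/sh
# Added example: inventory -L/-R forwards from `ps -eo args` style lines.
# SAMPLE is constructed from the commands in these notes plus two unrelated lines.
SAMPLE='ssh -f -N -L 1234:localhost:110 user@POP3_server
ssh -N -R 5678:localhost:22 cat.sharcnet.ca
ssh -fNR 8080:129.100.19.33:80 cat.sharcnet.ca
sshd: huang@pts/0
vim notes.txt'

# scan_ssh_forwards (hypothetical helper): command lines on stdin, one
# summary line per forward on stdout.
scan_ssh_forwards() {
    while read -r cmd rest; do
        [ "${cmd##*/}" = ssh ] || continue       # only ssh clients
        set -f; set -- $rest; set +f             # split into words, no globbing
        fwds="" host=""
        while [ $# -gt 0 ]; do
            case $1 in
            -*) opts=${1#-}
                while [ -n "$opts" ]; do         # walk a cluster such as -fNR
                    o=${opts%"${opts#?}"}; opts=${opts#?}
                    case $o in
                    [LRBbcDEeFIiJlmOopQSWw])     # common options that take an argument
                        if [ -n "$opts" ]; then arg=$opts; else shift; arg=$1; fi
                        opts=""
                        case $o in L|R) fwds="$fwds $o,$arg" ;; esac ;;
                    esac
                done ;;
            *)  host=${1#*@}; break ;;           # first non-option word: the ssh server
            esac
            [ $# -eq 0 ] || shift
        done
        for f in $fwds; do
            kind=${f%%,*}; spec=${f#*,}; bind=default
            # [bind_address:]port:host:hostport -> split off the optional bind address
            case $spec in *:*:*:*) bind=${spec%%:*}; spec=${spec#*:} ;; esac
            port=${spec%%:*}; target=${spec#*:}
            case $kind in
            L) echo "L side=client bind=$bind port=$port target=$target connect_from=$host" ;;
            R) echo "R side=$host bind=$bind port=$port target=$target connect_from=client" ;;
            esac
        done
    done
}

printf '%s\n' "$SAMPLE" | scan_ssh_forwards
```

On a live machine, feed it `ps -eo args` instead of the sample. A `bind=` value other than `default` (for example 0.0.0.0) means the forwarded port was asked to listen on more than the loopback interface.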

Windows tunneling tips:
Access Windows RDP behind a firewall (such as gate.csd.uwo.ca) through Secure SSH client:
Connection: gate.csd.uwo.ca (Port 22, check "Request tunnels only")
Tunneling: Add RDP, Type->TCP, Listen Port->3456, Destination Host->129.100.19.34, Destination Port->3389
After connecting to gate.csd.uwo.ca, open Remote Desktop Client with host: localhost:3456.