We have an SSH server in our DMZ that we use as an external tunnel to our internal Perforce server for outside users. When an outside user wants to connect to our Perforce server they first start an SSH session on their local machine that routes all connections to localhost:1666 through an SSH connection to the SSH server and on to the Perforce server. The Perforce client is then configured to look for its server at localhost:1666. One of our users' IT department doesn't allow this type of connection and is requiring the connection be routed through an additional server in THEIR DMZ running Red Hat Linux. I've been tasked with helping them configure the Red Hat server but networking isn't an area where I'm strong. Can I do this by configuring iptables on the Red Hat machine? If so how?
To what extent do you want to keep the current model in place? If ssh tunnels work for you, then whilst they are a pretty ugly way to do what you seem to be doing, keep doing it. Don't start adding in additional mechanisms, as things will get more confusing. ssh clients can listen to external connections as well as internal when passing traffic through a tunnel, so on the new server, which would be the ssh client, you can just set that up as normal and let it forward requests from the local network to its port 1666 to go via the tunnel as if they were being established locally. I'd then be using iptables to very tightly control what IPs are allowed to use that service, but that's just standard firewalling.
So have them do the same ssh connection with port forwarding from their Red Hat server to your server. The only difference is they need to use the bind_address as the internal IP address of their Red Hat server (instead of localhost or 127.0.0.1). Then they configure their Perforce clients to connect to <Red Hat server's IP> port 1666.
There's no special routing involved, they just need to set up the ssh tunnel on their DMZ machine.
Here is how one of the users' IT department wants them to connect:
[UserMachine (their network)] --> [RedHat Server (their DMZ)] --> [SSH Server (our DMZ)] --> [Perforce (our network)]
So what's happening is our IT department is saying "The only way we'll allow external connections to the Perforce server is through this SSH Server" and their IT department is saying "The only way we'll allow outgoing connections of this type is by routing them through the RedHat Server".
Maybe it would be possible to create the SSH connection between their RedHat Server and our SSH Server and have them connect to the RedHat Server. Is this possible? How?
Quote:
Originally Posted by jbarnes1967
Maybe it would be possible to create the SSH connection between their RedHat Server and our SSH Server and have them connect to the RedHat Server. Is this possible? How?
Then their users would point their Perforce clients to their_ip:their_port
It's almost identical to how outside clients connect now, except that in this case the Red Hat server is the "client computer" and the actual Perforce clients connect to their_ip instead of "localhost".
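The relay setup the replies describe, as an added example that is not from any poster in this thread: a helper that builds the ssh local-forward command with the relay's internal address as bind_address (instead of 127.0.0.1), rejects a loopback bind address, and emits iptables rules that limit the forwarded port to named source networks. All host names, addresses, networks and the user name "tunneluser" are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed placeholders:
#   relay_ip  - Red Hat relay's internal DMZ address, used as bind_address
#   ssh_host  - the SSH server in the other company's DMZ
#   p4_host   - the Perforce server as seen from that SSH server
#   nets      - source networks allowed to reach the forwarded port

# A loopback bind address is the original single-user setup: only the
# relay itself could reach it, so refuse it for the shared relay.
check_bind_address() {
    case $1 in
        127.*|localhost|::1) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the ssh command: -N (no remote shell) and
# -L bind_address:port:host:hostport so LAN clients can use relay_ip:1666.
ssh_forward_cmd() {
    relay_ip=$1; ssh_host=$2; p4_host=$3; port=${4:-1666}
    check_bind_address "$relay_ip" || return 1
    printf 'ssh -N -L %s:%s:%s:%s tunneluser@%s\n' \
        "$relay_ip" "$port" "$p4_host" "$port" "$ssh_host"
}

# Emit iptables rules: accept the forwarded port only from the given
# source networks, then drop everything else aimed at that port.
iptables_rules() {
    relay_ip=$1; port=$2; shift 2
    for net in "$@"; do
        printf 'iptables -A INPUT -p tcp -s %s -d %s --dport %s -j ACCEPT\n' \
            "$net" "$relay_ip" "$port"
    done
    printf 'iptables -A INPUT -p tcp -d %s --dport %s -j DROP\n' \
        "$relay_ip" "$port"
}

# Usage with constructed sample values (commands are printed, not run):
ssh_forward_cmd 10.0.0.5 ssh.example.com perforce.internal 1666
iptables_rules 10.0.0.5 1666 10.0.1.0/24 10.0.2.0/24
```

The script only prints the commands; run them on the relay (the ssh line as the tunnel user, the iptables lines as root) once the addresses match the real hosts.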