Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have an externally hosted website with bluehost.com and a simple network here at work.
The external website I have connects back through a reverse tunnel to my LDAP server on my local network. I have a script that goes out every 10 minutes (via cron) and checks to make sure that the connection is up and if not, it restarts it. The issue is that the script that I wrote works once or twice and then sometimes not at all.
Bluehost will not let me run an LDAP server. I could port forward through my firewall, but would rather tunnel to keep ports closed.
The question I have is if there is a simpler method of doing this that is as secure as a tunnel? The tunnel works fine if I run it by hand. It's flaky if I run it by script.
OpenVPN comes to mind. I don't know if Bluehost supports it (don't know anything at all about them), but maybe a few phone calls will answer some questions there, or open some doors. My general feeling is that this technology is the one more commonly used for (commercial grade) cryptographically secured tunneling.
Reverse tunnelling is wonderful, isn't it? Very few understand it but it is so useful.
I'm running reverse tunnels as well, and haven't been able to make them come up with NetworkMangler. Should run from the /etc/network/if-up.d dir, but I always have to run the script by hand, even though I have a wait 10. I suspect it has to do with slow association of wifi.
Once mine's run it generally stays up until I put the machine to sleep. I have it set up for the 'sleeper' user, as per directions I found once out there. Here's one of my entries:
/usr/bin/ssh -v -f -l sleeper -i /home/sleeper/.ssh/id_ecdsa -2 -4 -c aes256-ctr,aes128-ctr -L 6543:localhost:6543 droog sleep 365d
Search on sleeper and reverse tunnel and you should find what you need.
How about sharing your cron file?
Last edited by Quantumstate; 08-23-2012 at 11:29 AM.
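For the cron check-and-restart script described in the opening post, here is an added example (not code from any poster in this thread) of a watchdog that checks the tunnel through an SSH control socket and restarts it with options that make failures visible under cron. The host name, key path, socket path, ports and script path are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: cron watchdog for an SSH reverse tunnel (-R) to a local LDAP server.
# Hypothetical values: REMOTE, KEY, CTL, FORWARD and the script path in the cron line.
# Cron entry (flock from util-linux stops overlapping runs):
#   */10 * * * * flock -n "$HOME/.ssh/ldap-tunnel.lock" "$HOME/bin/tunnel-watchdog.sh" run
REMOTE="${REMOTE:-tunnel@webhost.example}"   # account on the hosted web server
KEY="${KEY:-$HOME/.ssh/id_tunnel}"           # dedicated key without passphrase (cron has no agent)
CTL="${CTL:-$HOME/.ssh/ldap-tunnel.ctl}"     # control socket used for the health check
# Listen on the web host's loopback only, forward to LDAP on this machine.
FORWARD="${FORWARD:-127.0.0.1:3890:127.0.0.1:389}"
SSH="${SSH:-ssh}"
STATUS=""

tunnel_up() {
    # Ask the running master over its control socket; no new login, no grep of ps.
    "$SSH" -S "$CTL" -O check "$REMOTE" >/dev/null 2>&1
}

tunnel_start() {
    # BatchMode: fail instead of hanging on a prompt cron can never answer.
    # ExitOnForwardFailure: with -f, ssh backgrounds only after the -R listener
    #   is bound, so a port still held by a dead session is reported as failure.
    # ServerAlive*: the client exits about 90 s after the link dies silently.
    "$SSH" -f -N -M -S "$CTL" -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "$FORWARD" "$REMOTE"
}

watchdog() {
    if tunnel_up; then
        STATUS=up
        return 0
    fi
    rm -f "$CTL"              # a killed master can leave a stale socket behind
    if tunnel_start; then
        STATUS=restarted
        return 0
    fi
    STATUS=failed
    return 1
}

if [ "${1:-}" = run ]; then
    watchdog && rc=0 || rc=$?
    logger -t ldap-tunnel "tunnel $STATUS"   # leave a trace in syslog for each run
    exit "$rc"
fi
```

On the web host, the key's authorized_keys entry can be limited to this one forward with the OpenSSH options `restrict,port-forwarding,permitlisten="127.0.0.1:3890"`, so the passphrase-less key cannot be used for a shell.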