LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-16-2013, 08:23 PM   #1
alaios
Senior Member
 
Registered: Jan 2003
Location: Aachen
Distribution: Opensuse 11.2 (nice and steady)
Posts: 2,203

Rep: Reputation: 45
Help me understand tunneling before I set it up


Dear all,
I will need your help to understand what ssh tunneling can offer. I have to introduce three terms first

home computer, the one I use to connect remotely to my working computer
work computer, where all my work is done during the day
gateway, a computer in our work that we have to connect through to gives us access to the work"s lan. I just care for the work computer.

In my work computer I have set up my ssh and nx to answer to port 5903 which I need your help to connect to.

That means that I would need first to go through the gateway. Gateway is running linux and it supports tunneling.

Now I need your help to understand the concept of tunneling and what should I do to my home computer to be able to reach the port 5903 of my work computer.

I would like to thank you in advance for your reply

Regards
Alex
 
Old 10-16-2013, 09:33 PM   #2
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,726

Rep: Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706
Hi,

there are two common ways of doing this. I'll use your home, work, and gateway definitions here.

1. Set up a local tunnel using "ssh -L".
This makesd some high numbered port on your home machine forward to the sshd port on your work machine via a connection to the gateway. Then you ssh to that port on the home machine and the connection will go to the work machine.

Set up the tunnel. On home run:
Code:
ssh -t -L 9999:work:5903 gateway
This will create the tunnel and give you a terminal on the gateway machine.
Next, open a new terminal on home and run
Code:
ssh -p 9999 localhost
This will give you a shell on work.

2. Using proxycommand.
This is by far my preferred method. Basically you tell ssh how to hop from one machine to the next by putting some directives in your ~/.ssh/config
So you would add the following to ~/.ssh/config on home.
Code:
Host work
   ProxyCommand ssh -qax -W %h:%p gateway
   Port 5903
Thats it. Now you can just "ssh work" from home.
Code:
ssh work
I think this method is far superior. You don't have to explicitly set up (and maintain) tunnels, you don't have to use some strange incantation (ie "ssh -p 9999 localhost") when you want to ssh to work, it works transparently with scp, rsync, sshfs etc.
Note also that if you have different usernames on the different machines you can also put them in the .ssh/config to save you needing to type that. For example if on home your username is alaios but at work you are alex, you can make your .ssh/config look like

Code:
Host gateway
   User alex
Host work
   User alex
   ProxyCommand ssh -qax -W %h:%p gateway
   Port 5903
HTH,

Evo2.
 
2 members found this post helpful.
Old 10-17-2013, 11:00 AM   #3
alaios
Senior Member
 
Registered: Jan 2003
Location: Aachen
Distribution: Opensuse 11.2 (nice and steady)
Posts: 2,203

Original Poster
Rep: Reputation: 45
Quote:
Originally Posted by evo2 View Post
Hi,

there are two common ways of doing this. I'll use your home, work, and gateway definitions here.

1. Set up a local tunnel using "ssh -L".
This makesd some high numbered port on your home machine forward to the sshd port on your work machine via a connection to the gateway. Then you ssh to that port on the home machine and the connection will go to the work machine.

Set up the tunnel. On home run:
Code:
ssh -t -L 9999:work:5903 gateway
This will create the tunnel and give you a terminal on the gateway machine.
Next, open a new terminal on home and run
Code:
ssh -p 9999 localhost
This will give you a shell on work.
Hi
the first method actually worked and I am happy to get a console. I was also able to launch nx client that is running on the correct port.
I am only worried now how I can also forward -X through the gate, so once I am connected to my work computer to be able to launch X commands.
Would that be also possible?

Regards
Alex
 
Old 10-17-2013, 08:48 PM   #4
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,726

Rep: Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706
Hi,
Quote:
Originally Posted by alaios View Post
the first method actually worked and I am happy to get a console. I was also able to launch nx client that is running on the correct port.
If your nx client has native socks support you may be interested in using a socks proxy from the -D ssh option.

Quote:
I am only worried now how I can also forward -X through the gate, so once I am connected to my work computer to be able to launch X commands.
Would that be also possible?
Why "worry"? Go ahead and test it. :-) Note also, that instead of typing "-X" every time you might instead want to use "ForwardX11 yes" in your ~/.ssh/config

Cheers,

Evo2.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
The reason for to set nickname on - please help to understand igadoter Slackware 2 08-28-2010 05:15 AM
HTTP Tunneling or VPN Tunneling Teomari Linux - Networking 3 04-09-2007 08:52 PM
Tunneling Randvegeta Linux - Networking 4 09-21-2005 11:42 AM
Bitchx SSH/Tunneling set-up (OpenSSH) lion paw Linux - Software 0 09-12-2005 02:45 PM
incoming tunneling or tunneling via a 3rd party? JustinHoMi Linux - Networking 1 04-15-2005 02:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration