[rescue] how to use a NAT/PAT to forward SSH to an internal box
George Adkins
rescue at sunhelp.org
Sun Jan 6 03:04:15 CST 2002
> > I wonder if the "proxy" part would work as a script, or it would need to
> > be more sophisticated...
<snip>
>
> The simple answer is to supply a table of host/port mappings right
> inside the client wrapper script:
>
Okay, this is good, but how about doing it on the proxy side, so that the
client side doesn't require any customization?

How would you go about making a script for the proxy machine in which you
could accept the hostname from a client wrapper script?
With this kind of mechanism, you can code the proxy script with the
hostname_to_port information, and then have it send the port info back to the
client-side script.

Then all you have to do is have NAT running on the gateway box, and already
have your

    rdr le0 123.45.67.89/32 port 2201 -> 192.168.0.101 port 22
    rdr le0 123.45.67.89/32 port 2202 -> 192.168.0.102 port 22
    rdr le0 123.45.67.89/32 port 2203 -> 192.168.0.103 port 22

lines in place in your ipnat.conf, and the rules loaded.

Then the client-side script simply passes the port to ssh as it starts it:

    exec ssh -p "$port_from_proxy" "$username@$hostname_from_cmd_line"

If the external DNS points at the proxy IP for the hostnames behind it, this
should be completely transparent from the outside; you would just use the
script instead of invoking ssh directly (unless you wanted to ssh into the
gateway itself).

We're getting closer here....
George
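
Added example, not part of the original message or thread: a sketch of the proxy-side hostname-to-port lookup and the client-side checks described above, treating the hostname sent to the proxy and the port sent back as untrusted input. The host names, the user name and all function names are hypothetical, the ports mirror the rdr rules in the message, and how the request reaches the proxy (here one line on stdin, for example from inetd) is an assumption.

```shell
#!/bin/sh
# Proxy side: map a hostname to its external port, or fail.
# The name comes from an untrusted client, so it is only compared
# against literal table entries, never eval'd or expanded.
lookup_port() {
    case "$1" in
        host1.example.com) echo 2201 ;;   # -> 192.168.0.101 port 22
        host2.example.com) echo 2202 ;;   # -> 192.168.0.102 port 22
        host3.example.com) echo 2203 ;;   # -> 192.168.0.103 port 22
        *) return 1 ;;
    esac
}

# Proxy side entry point (assumed transport: one request line on
# stdin, one reply line on stdout).
serve_one() {
    IFS= read -r name || return 1
    lookup_port "$name" || echo "ERR unknown host"
}

# Client side: accept the proxy's reply only if it is a port number.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Client side: refuse names that ssh could read as an option or that
# contain anything outside a conservative character set.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Client side: build the ssh command line from user, host and reply.
# Prints the command instead of exec'ing it so the sketch runs offline.
ssh_command() {
    valid_name "$1" && valid_name "$2" && valid_port "$3" || return 1
    echo "ssh -p $3 $1@$2"
}

# Constructed demonstration values.
ssh_command user host1.example.com "$(lookup_port host1.example.com)"
```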