[rescue] how to use a NAT/PAT to forward SSH to an internal box
Greg A. Woods
rescue at sunhelp.org
Sun Jan 6 12:19:52 CST 2002
[ On Sunday, January 6, 2002 at 04:04:15 (-0500), George Adkins wrote: ]
> Subject: Re: [rescue] how to use a NAT/PAT to forward SSH to an internal box
>
> Okay, this is good, but how about doing it on the proxy side, so that the
> client side doesn't require any customization.
> how would you go about making a script for the proxy machine in which you
> could accept the hostname from a client wrapper script?
You cannot. You "MUST" supply the SSH client with a destination
hostname/IP# and port# to connect to. The client makes a simple TCP
connection. There is no "reverse" proxy support, or virtual host
support, in the protocol (partly because adding it would entail a large
amount of re-engineering to get the host authentication of the gateway
right).
> with this kind of a mechanism, you can code the proxy script with the
> hostname_to_port information, and then have it send the port info back to the
> client side script.
SSH != HTTP. There is no "host:" header in SSH. You cannot proxy it in
reverse. You can only proxy outbound connections transparently
(e.g. using SOCKS, or transparently with a NAT).
> we're getting closer here....
Nope, not at all.
--
Greg A. Woods
+1 416 218-0098; <gwoods at acm.org>; <g.a.woods at ieee.org>; <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>
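
The point made in the reply above, shown as an added example that is not part of the original message: a gateway can read a destination name from the first bytes of an HTTP request but not from an SSH client's identification string, so the destination TCP port is the only key left for choosing an internal box. The sample bytes, addresses, port numbers and the names `PAT_TABLE`, `requested_host` and `route` are constructed for illustration.

```python
# Added illustration; sample bytes below are constructed, not captured traffic.

# Constructed first bytes a gateway would see from each kind of client.
HTTP_HELLO = b"GET / HTTP/1.1\r\nHost: box2.example.org\r\n\r\n"
SSH_HELLO = b"SSH-2.0-ExampleClient_1.0\r\n"

# Hypothetical PAT table: the only routing key SSH offers is the TCP port.
PAT_TABLE = {2201: ("192.168.1.11", 22), 2202: ("192.168.1.12", 22)}


def requested_host(first_bytes):
    """Return the hostname the client asked for, or None if the protocol carries none."""
    if first_bytes.startswith(b"SSH-"):
        # Identification string is "SSH-<protoversion>-<softwareversion>[ comments]";
        # no field in it names the destination.
        return None
    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return None


def route(dst_port, first_bytes, vhosts):
    """Pick a backend: by hostname when the protocol has one, else by port only."""
    host = requested_host(first_bytes)
    if host is not None and host in vhosts:
        return vhosts[host]
    return PAT_TABLE.get(dst_port)  # None means no mapping: drop the connection
```

With this table the client still has to be told which outside port belongs to which internal box, for example through a per-host `Port` entry in its own SSH client configuration.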