| 1 |
On Tuesday 05 May 2009, Sascha Hlusiak wrote: |
| 2 |
> Am Dienstag 05 Mai 2009 23:28:22 schrieb Steve: |
| 3 |
> > Sascha Hlusiak wrote: |
| 4 |
> > > The easiest thing would probably be to just use ssh port forwarding |
| 5 |
> > > because you already have all the pieces running anyway. Wouldn't a |
| 6 |
> > > simple |
| 7 |
> > > |
| 8 |
> > > ssh -L 12345:secondapache:https user@remotessh |
| 9 |
> > > |
| 10 |
> > > and the browsing to https://localhost:12345 do the trick? Or you could |
| 11 |
> > > use a pppd over ssh vpn, yes, but that is a bit more complex. |
| 12 |
> > > |
| 13 |
> > > - Sascha |
| 14 |
> > |
| 15 |
> > I really want to avoid having to access a non-standard port from the |
| 16 |
> > URLs - I want to use the final URLs exactly as they will be once the |
| 17 |
> > in-development website is eventually deployed. |
| 18 |
> > |
| 19 |
> > Can you recommend a 'how-to' for the pppd over ssh approach? |
| 20 |
> |
| 21 |
> # /usr/sbin/pppd pty "ssh root@remoteserver pppd notty local |
| 22 |
> 10.0.0.1:10.0.0.2" noipdefault nodefaultroute noauth updetach |
| 23 |
> |
| 24 |
> You can also just create a file in /etc/ppp/peers/ with the following lines |
| 25 |
> and then call 'pon': |
| 26 |
> pty "ssh root@remoteserver pppd notty local 10.0.0.1:10.0.0.2" |
| 27 |
> noipdefault |
| 28 |
> nodefaultroute |
| 29 |
> noauth |
| 30 |
> updetach |
| 31 |
> |
| 32 |
> You'll get the IP 10.0.0.2 and on the server 10.0.0.1. You need to setup |
| 33 |
> proper routing and maybe NAT for that separate subnet, but it will be a |
| 34 |
> tunnel into your home network. |
| 35 |
> |
| 36 |
> - Sascha |
| 37 |
|
| 38 |
Or even simpler solution, can't you only allow access to https from your |
| 39 |
desired remote host IP address at your server's LAN firewall, or just use the |
| 40 |
accept/deny wrapper of the server itself after forwarding the https port at |
| 41 |
the firewall? |
| 42 |
|
| 43 |
-- |
| 44 |
Regards, |
| 45 |
Mick |
Archives