1 |
On Tuesday 05 May 2009, Sascha Hlusiak wrote: |
2 |
> Am Dienstag 05 Mai 2009 23:28:22 schrieb Steve: |
3 |
> > Sascha Hlusiak wrote: |
4 |
> > > The easiest thing would probably be to just use ssh port forwarding |
5 |
> > > because you already have all the pieces running anyway. Wouldn't a |
6 |
> > > simple |
7 |
> > > |
8 |
> > > ssh -L 12345:secondapache:https user@remotessh |
9 |
> > > |
10 |
> > > and the browsing to https://localhost:12345 do the trick? Or you could |
11 |
> > > use a pppd over ssh vpn, yes, but that is a bit more complex. |
12 |
> > > |
13 |
> > > - Sascha |
14 |
> > |
15 |
> > I really want to avoid having to access a non-standard port from the |
16 |
> > URLs - I want to use the final URLs exactly as they will be once the |
17 |
> > in-development website is eventually deployed. |
18 |
> > |
19 |
> > Can you recommend a 'how-to' for the pppd over ssh approach? |
20 |
> |
21 |
> # /usr/sbin/pppd pty "ssh root@remoteserver pppd notty local |
22 |
> 10.0.0.1:10.0.0.2" noipdefault nodefaultroute noauth updetach |
23 |
> |
24 |
> You can also just create a file in /etc/ppp/peers/ with the following lines |
25 |
> and then call 'pon': |
26 |
> pty "ssh root@remoteserver pppd notty local 10.0.0.1:10.0.0.2" |
27 |
> noipdefault |
28 |
> nodefaultroute |
29 |
> noauth |
30 |
> updetach |
31 |
> |
32 |
> You'll get the IP 10.0.0.2 and on the server 10.0.0.1. You need to setup |
33 |
> proper routing and maybe NAT for that separate subnet, but it will be a |
34 |
> tunnel into your home network. |
35 |
> |
36 |
> - Sascha |
37 |
|
38 |
Or even simpler solution, can't you only allow access to https from your |
39 |
desired remote host IP address at your server's LAN firewall, or just use the |
40 |
accept/deny wrapper of the server itself after forwarding the https port at |
41 |
the firewall? |
42 |
|
43 |
-- |
44 |
Regards, |
45 |
Mick |