Friday, October 17, 2008

Double-Hop SSH


Sometimes I need to access a server that's behind two or more firewalls. I use SSH tunneling to accomplish this, and in this example I show port specifics for MySQL.

First, I establish an ssh session with a local tunnel to 'Server A', which is NAT'd through a firewall. 'Server A' sits in a DMZ.

Second, from 'Server A' I establish another ssh session with a local tunnel to 'Server B', which is NAT'd through another firewall. 'Server B' sits on the INSIDE network. The destination port of the first tunnel (which lands on 'Server A') is the listening port of the second tunnel, the one to 'Server B', so the two hops are plumbed together end to end.

Session 1 - Client to 'Server A'
> ssh -L 44444:localhost:9999 user@serverA

Session 2 - 'Server A' to 'Server B'
> ssh -L 9999:ServerC:3306 user@serverB

As you can see, to reach 'Server C' the client application connects to localhost:44444. The first tunnel bitpumps that traffic from TCP:44444 on the client to TCP:9999 on 'Server A'. The second tunnel, between 'Server A' and 'Server B', picks up traffic arriving at TCP:9999 on 'Server A' and bitpumps it through 'Server B' to TCP:3306 on 'Server C'.
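As an added example (not from the original post), the script below sanity-checks a two-hop chain of -L forward specs before the tunnels are opened. It assumes the spec grammar [bind_address:]port:host:hostport from ssh(1), the host names used above, and the default GatewayPorts=no (so an omitted bind address means loopback). It catches the two things that silently break this setup: hop 1 not landing on Server A's own loopback, and hop 1's destination port not matching hop 2's listening port.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Parse and cross-check ssh -L forward specs for a two-hop tunnel chain.

# parse_forward SPEC
# Prints "bind listen_port host hostport" for a [bind_address:]port:host:hostport spec.
# An omitted bind address is reported as 127.0.0.1 (the default under GatewayPorts=no);
# an empty bind address ("" or "*") means all interfaces in ssh(1), reported as "*".
parse_forward() {
    IFS=: read -r f1 f2 f3 f4 <<EOF
$1
EOF
    if [ -z "$f4" ]; then
        bind=127.0.0.1; lport=$f1; host=$f2; hport=$f3
    else
        if [ -z "$f1" ]; then bind='*'; else bind=$f1; fi
        lport=$f2; host=$f3; hport=$f4
    fi
    if [ -z "$lport" ] || [ -z "$host" ] || [ -z "$hport" ]; then
        echo "bad forward spec: $1" >&2
        return 1
    fi
    echo "$bind $lport $host $hport"
}

# bind_is_local ADDR -> 0 when the listener is reachable only from the host itself
bind_is_local() {
    case $1 in
        localhost|127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_chain HOP1_SPEC HOP2_SPEC
# HOP1 is the client -> Server A forward, HOP2 is the Server A -> Server B forward.
check_chain() {
    h1=$(parse_forward "$1") || return 2
    h2=$(parse_forward "$2") || return 2
    read -r bind1 lport1 host1 hport1 <<EOF
$h1
EOF
    read -r bind2 lport2 host2 hport2 <<EOF
$h2
EOF
    # Hop 1 must terminate on Server A's own loopback, where hop 2 is listening.
    case $host1 in
        localhost|127.0.0.1|::1) ;;
        *) echo "hop 1 must land on the intermediate host's loopback, got $host1" >&2; return 1 ;;
    esac
    # The "plumbing": hop 1's destination port must be hop 2's listening port.
    if [ "$hport1" != "$lport2" ]; then
        echo "plumbing mismatch: hop 1 forwards to port $hport1, hop 2 listens on $lport2" >&2
        return 1
    fi
    # Non-loopback listeners widen who can ride the tunnel; warn but do not fail.
    bind_is_local "$bind1" || echo "warning: hop 1 listener on $bind1 is reachable beyond the client" >&2
    bind_is_local "$bind2" || echo "warning: hop 2 listener on $bind2 exposes the MySQL path to other DMZ hosts" >&2
    echo "chain OK: client:$lport1 -> A:$hport1 -> $host2:$hport2"
}

# The two sessions from the post, checked as a pair.
check_chain 44444:localhost:9999 9999:ServerC:3306
```

Because the second tunnel's listener lives on Server A, anything that binds it beyond loopback (a `*:` bind address or GatewayPorts=yes on that ssh client) hands every DMZ host a path to MySQL on Server C, which is why the check warns on it. Newer OpenSSH releases can express the same two hops in one command with -J/ProxyJump, but the port plumbing above is what that option does for you under the hood.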

Be responsible, make good choices. Have fun and don't kill anybody.
