deKA
02-26-2007, 07:51 PM
I feel like I've read a hundred how-to's and examples on how to tunnel various protocols through ssh, but I must be dumb because nothing I've tried seems to work.
This is what I'm trying to do -- I want the ability to remotely administer an OS X Server on my company LAN from my laptop when I'm not in the office. I thought that I could use ssh tunneling/port forwarding to make this whole process relatively secure. The basic idea of what I'm trying to do is outlined in the attached diagram.
So far, what I've been able to do is set up a basic ssh server on my LAN, and forward traffic to it from the NAT/firewall on port 22. I can now successfully connect to the ssh server from offsite by ssh'ing to the external IP of the NAT/firewall device. Yippee. I've also allowed remote login on the OS X Server itself, so once I'm connected to the ssh server, I can then in turn ssh to the OS X Server.
But then I hit a wall. Server Admin runs on port 311, I know that. But how do I get Server Admin from my laptop to reach my OS X Server by going through the ssh server? Do I need to set up one ssh tunnel from the laptop (client) to the ssh server, and then another from the ssh server to the OS X Server? Do I even need to set up a third tunnel, from the ssh server to the NAT/firewall? Or maybe that should be straight to my laptop via a dynamic domain name using dyndns.com? And when should I be using local versus remote port forwarding?
I feel like I've tried so many permutations now, it's hard to keep straight what I've done. Since I'm not a command line stud, I've mainly been trying to use GUI tools like SSH Tunnel Manager to create the tunnels, but frankly, I think it's a little buggy. Also, it's clearly not helping me grasp the concept any better.
Anyway, I would really appreciate some guidance. If anyone can actually tell me the exact ssh commands I need to run, and on which box, I would be eternally grateful.
Thanks,
David
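The topology described in the post above, as an added example that is not part of the original post: a single local forward from the laptop, through the LAN ssh server, to port 311 on the OS X Server. The addresses, the user name and local port 3311 are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. All addresses, the user name and
# local port 3311 are constructed placeholders.
#
# One tunnel is enough: the laptop opens a *local* forward (-L) over its
# ssh login to the LAN ssh server, and that server makes the plain TCP
# connection to the OS X Server on port 311. Nothing new is needed on the
# NAT/firewall beyond the port-22 forward already in place.

GATEWAY="${GATEWAY:-203.0.113.10}"   # external IP of the NAT/firewall (placeholder)
SSH_USER="${SSH_USER:-admin}"        # account on the LAN ssh server (placeholder)
TARGET="${TARGET:-192.168.1.20}"     # LAN address of the OS X Server (placeholder)
TARGET_PORT="${TARGET_PORT:-311}"    # Server Admin port, as stated in the post
LOCAL_PORT="${LOCAL_PORT:-3311}"     # unprivileged port on the laptop (assumption)

# True only for a decimal number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L argument. Binding to 127.0.0.1 keeps the forwarded port
# reachable from the laptop itself only, not from its local network.
forward_spec() {
    valid_port "$LOCAL_PORT" && valid_port "$TARGET_PORT" || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$LOCAL_PORT" "$TARGET" "$TARGET_PORT"
}

# Run on the laptop. -N: forwarding only, no remote command.
# ExitOnForwardFailure: exit if the local port cannot be bound, rather than
# staying connected with no tunnel.
open_tunnel() {
    spec=$(forward_spec) || { echo "invalid port" >&2; return 2; }
    ssh -N -o ExitOnForwardFailure=yes -L "$spec" "${SSH_USER}@${GATEWAY}"
}

# Only connect when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "connect" ]; then
    open_tunnel
fi
```

Run it on the laptop with `connect` as the first argument; while it stays open, connections to 127.0.0.1 on the local port come out of the ssh server toward port 311 on the OS X Server.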