Hi,

* Marc Mueller <spam@gmx.de> [2005-07-13 15:20:33 +0200]:

> I have no administrative access rights on the three servers outside to
> change any network settings. :-(
> I can only modify the firewall-rules on the server in the middle.

I too have the same thing. Through my office, sshing to any server outside the local network is not permitted. Unfortunately I do not control the main firewall, and I do not have control over the server in the DMZ either. So the best way, without compromising the security of any system, is to use an ssh tunnel (if the server X in your case allows tunnels to be created, which it should). I use the following commands:

$ ssh -NfqL22:my.server.net:22 my_user_id@server.dmz.net
$ ssh me@localhost

> SSH tunnel would be possible, of course - but it would be an
> additional step for the users each time they want to connect to
> the servers outside - and i have to allow ssh-access on the server
> in the middle, what I'd like to avoid.

Believe me that it is the simplest way to do what you want without compromising any security. my.server.net will see all the connections from your machine as if they originate from server.dmz.net. As far as additional user-ids are concerned, you can create one generic logon for this, and even if separate user-ids are needed it is worth it, unless someone has already come up with the iptables rules working for you.

--
Ajitabh Pandey
http://www.ajitabhpandey.info
ICQ - 150615062
Registered Linux User - 240748
GnuPG Key ID - 35CF8CC4
Key fingerprint = E1A8 657D BE0C 4747 52EC 10C4 1AC2 C124 35CF 8CC4
-----------------------------------
Asha 5k -- Run to Educate! Saturday, Aug 20th, 2005
http://www.ashaforeducation.org/nycnj/5k
Q: What's a light-year?
A: One-third less calories than a regular year.
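The tunnel from the reply above, wrapped in a small script as an added example (not from the original mail or its author). It assumes the same host and user names, an unprivileged local port 2222 so no root is needed on the client, and shows two things the bare commands do not: ExitOnForwardFailure so a tunnel whose local port is already taken does not linger in the background, and HostKeyAlias so the server key is verified as my.server.net rather than as "[localhost]:2222".

```shell
#!/bin/sh
# Added example: ssh tunnel through a DMZ jump host, with clean teardown.
# Host names, user names and the port number are assumptions for illustration.
set -eu

JUMP="my_user_id@server.dmz.net"          # DMZ host we are allowed to log in to
TARGET="my.server.net"                    # outside server we actually want
LOCAL_PORT=2222                           # unprivileged local port
CTL="${HOME:-/tmp}/.ssh/tunnel-dmz.ctl"   # control socket, used to close the tunnel

# Build the forwarding arguments: tunnel_args LOCAL_PORT TARGET_HOST TARGET_PORT JUMP
# -N: run no remote command; -f: go to background after authentication;
# ExitOnForwardFailure=yes: exit instead of lingering if LOCAL_PORT cannot be bound
# (for example because an earlier tunnel is still up).
tunnel_args() {
    printf '%s' "-N -f -o ExitOnForwardFailure=yes -L $1:$2:$3 $4"
}

# Start the tunnel as a control master so close_tunnel can find it later.
open_tunnel() {
    # shellcheck disable=SC2046   # word splitting of the argument list is intended
    ssh -o ControlMaster=yes -o ControlPath="$CTL" \
        $(tunnel_args "$LOCAL_PORT" "$TARGET" 22 "$JUMP")
}

# Log in through the tunnel. HostKeyAlias makes ssh look up and record the
# host key under the real server name, so a different machine answering on
# localhost:2222 is reported as a host key mismatch instead of a new host.
connect() {
    ssh -p "$LOCAL_PORT" -o HostKeyAlias="$TARGET" "me@localhost"
}

# Ask the control master to exit, which tears the forwarding down.
close_tunnel() {
    ssh -o ControlPath="$CTL" -O exit "$JUMP"
}

case "${1:-}" in
    up)    open_tunnel ;;
    login) connect ;;
    down)  close_tunnel ;;
    *)     : ;;   # no argument: only define the functions
esac
```

Run as `./tunnel.sh up`, then `./tunnel.sh login`, and `./tunnel.sh down` when finished.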