
Re: IP TUNNEL / was Re: doesn't anybody use tunnelling / vpn?



Hi folks,

I'm certainly no expert in this field, but until some BOFH put up a
firewall between college and my ISP, the following worked for me
(should be all on one line...):

ssh -C -P -f -L 8181:localhost:8080 remotehost.com "sleep 365d" > /dev/null 2>&1

This will create an encrypted tunnel between port 8181 on your machine
and port 8080 on remotehost.com (you must have RSA authentication
working for SSH so it doesn't ask you for a password).

Put that in a little script file, and run it when you need the tunnel.
It should stay up indefinitely, but if it doesn't, run your script
again. Too easy.

Of course, if you want to tunnel lots of different services (the above
is only good for a web proxy, but adapt the ports for whatever you
need), it's going to get prohibitively complicated.

BTW, I don't believe that sleep needs to be as long as I have done it -
that was just what I ended up with to be on the safe side.

HTH,

damon

Quoth Krzys Majewski, 
> On Wed, 27 Sep 2000, will trillich wrote:
> 
> > hi. i have no clue about all this fancy stuff. sounds
> > delightfully cool. if you get it straightened out,
> > PLEASE post a 'SOLVED' message so that the rest of us
> > dunces (speaking for what i hope is a large group and
> > not just me) can learn from your experience...
> > 
> > by the way -- HOW did you set up those tunnels?
> > 
> > what package, what command, what script?
> > 
> 
> OK I'm a bit hesitant about posting my solution since I
> figure there's probably a simpler and better way, but here goes.
> Please note that I'm only doing this because it's the only way
> I know for e.g. reading news on my school's news server, given that my
> ISP is LargeFacelessCorporation.com and not my school's modem pool. 
> I'm not doing it just because it's a neat trick or whatever. Peace.
> 
> First, I put the following two lines in the "iface eth0" section of my
> /etc/network/interfaces. (I talk to the world through an ethernet
> card, if this is not the way you do things you'll have to find some
> other way, like your /etc/ppp/ip-up script or whatever):
> 
>      up /etc/init.d/tcp-pipes start 
>      down /etc/init.d/tcp-pipes stop
> 
> The "tcp-pipes" script is attached. The way I do it, this
> script runs a command on the remote machine. The command does
> nothing: it just hangs. I've jimmied things on the other end so that
> only one instance of this command (there's actually three of them,
> they're called "imapl, newsl, and maill" if I remember right) can run
> at a time. Otherwise, I'd eventually have a million of these things running on
> the remote machine and the sysadmins at school would hate me. I've
> done this with a C program (attached) which reads a PID from a file, nukes the
> process, writes its PID to the same file, and hangs forever. You can maybe
> do the same thing with a shell script.
> 
> Uh, I think that's all. Then I just tell my mail and news clients to
> talk to, say, port 6143 on the localhost instead of port 143 on the
> remote host. Hope this helps. -chris
> 


-- 
Damon Muller              | Did a large procession wave their torches
Criminologist/Linux Geek  | As my head fell in the basket,
http://killfilter.com     | And was everybody dancing on the casket...
PGP (GnuPG): A136E829     |                      - TBMG, "Dead"
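
Added example (not part of either message, and not the attached C program): a shell version of the single-instance holder described in the quoted message, which confirms that the PID read from the file is numeric and really is a running "sleep" holder before killing it. The function names and the pid-file path are hypothetical, and it assumes Linux /proc or a POSIX ps.

```shell
#!/bin/sh
# Added example: single-instance "holder" for the remote end of a tunnel.
# Assumes Linux /proc (falls back to POSIX ps); all names are hypothetical.

# is_our_holder PID NAME: true only if PID is all digits, is a live process
# we may signal, and is running command NAME. The digit check matters: a pid
# file containing "-1" or "0" would otherwise make kill hit whole groups.
is_our_holder() {
    case "$1" in ''|0|*[!0-9]*) return 1 ;; esac
    kill -0 "$1" 2>/dev/null || return 1
    c=$(cat "/proc/$1/comm" 2>/dev/null || ps -o comm= -p "$1" 2>/dev/null) || return 1
    [ "${c##*/}" = "$2" ]
}

# claim_slot PIDFILE NAME NEWPID: stop the previous holder if it really is
# one, then record NEWPID. Keep PIDFILE in a directory only you can write to.
claim_slot() {
    pidfile=$1 name=$2 newpid=$3 old=''
    [ -L "$pidfile" ] && return 2          # never follow a symlinked pid file
    if [ -f "$pidfile" ]; then read -r old < "$pidfile" || true; fi
    if is_our_holder "$old" "$name"; then
        kill "$old" 2>/dev/null || true
    fi
    tmp="$pidfile.$$"
    (umask 077; printf '%s\n' "$newpid" > "$tmp") && mv -f "$tmp" "$pidfile"
}

# hold_slot PIDFILE: claim the slot, then become the sleep itself; exec keeps
# the same PID, so the recorded PID is the one running "sleep".
hold_slot() {
    claim_slot "$1" sleep "$$" || return
    exec sleep 365d
}

# Run on the remote host as the ssh command, e.g.:
#   hold_slot "$HOME/.tunnel/imapl.pid"
```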
