[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: inetd able to start programms on distant machines?



* Frank Brodbeck (oakenshield@gmx.net) [020805 09:24]:
> Maybe I should begin with the idea that's behind my question.
> 
> I want to give some persons access via ssh to a machine behind my
> firewall. Therefor I installed dns2go and run it from the $targe_host.
> Naturally dns2go resolves the official IP of my firewall because it
> has also the funtion of my router and gateway (simply to few pc's at home).
> 
> My problem is now how to route externally incoming ssh traffic to 
> $target_host? As far as I understood ipchains (yes, 2.2er Kernel and
> please don't tell me to change to 2.4 until it's not possible to solve the
> problem with 2.2) I can't use redirect for my problem, correct? 
> 
> Another solution seems to be NAT but I'm a completely blank sheet of
> paper to that. 

That's the way it's done with netfileter, the 2.4 kernel infrastructure.


You can run a simple socket redirector listening on a different port for
each internal service you wish to serve.  You're essentially running a
"man in the middle" so SSH will loudly complain each time that the host
keys don't match, but it will work.  Try to install the redir package
and reading its docs for starters.  It should do what you want.

Another option is to set up tunnels with ssh to do the redirecting.
That's not as clean as a permanent solution as is redir, though, IMO.
(Mostly because it means you have to have an ssh connection connected
the whole time or the tunnels close, too.  Redir can just be run from
inetd when a connection is initiated.)

> #:OTHER: Other services
> ssh	stream	tcp	nowait	root	root@$target_host:/usr/sbin/sshd

No, it just doesn't work that way.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Computer Science is no more about computers
than astronomy is about telescopes."  -- E.W. Dijkstra

Attachment: pgpjpE0TFg_ZF.pgp
Description: PGP signature


Reply to: