Results 1 to 5 of 5

Thread: Port Forward or Redirect

  1. #1
    Join Date
    Aug 2009
    Location
    Makati City, Philippines
    Beans
    2,045
    Distro
    Xubuntu 14.04 Trusty Tahr

    Port Forward or Redirect

    Hi all, here's my setup

    client --------- Server A ------- Server B

    cllient is public, Server A has public IP, Server B is private and can only be accessed from Server A.
    A client will connect to Server A, using ssh (or Filezilla) to upload some files, but client will be redirected to Server B. Which means, the client will see Server B when in reality he connects to Server A.

    Is there a way to do this? A command line ssh willl do but it would be better if filezilla will work.
    "I learned a lot from repeatedly breaking my system and then reinstalling. Oh, and a lot of GOOGLE searches too!"
    The best Ubuntu derivative: Linux Mint
    Relax. Head to the Community Cafe
    The Philippine Team

  2. #2
    Join Date
    Sep 2006
    Beans
    8,296
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Port Forward or Redirect

    There are several ways to do that. One is to forward a port over an intermediate host, in this case being server A. First set up the forwarding on the client:

    Code:
    ssh -L 2222:serverb:22 servera
    That will forward port 2222 on the local client to port 22 on server B via server A. You can also use options -N and -f if you like.

    Then in another window, or using FileZilla, connect SFTP to port 2222 on the local host.

    Code:
    sftp -P 2222 localhost
    That should then connect your client to server B. There are some other examples in the sections on Tunnels and Proxies and Jump Hosts in the Wikibook on OpenSSH I put together a while ago.
    Last edited by Lars Noodén; August 7th, 2013 at 12:33 PM.

  3. #3
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    10,094
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Port Forward or Redirect

    A simple iptables rule will do this, too:

    Code:
    /sbin/iptables -t nat -A PREROUTING -p tcp -d ext.ip.of.gateway --dport 22 -j DNAT --to-destination int.ip.of.server:22
    where ext.ip.of.gateway is the IP address on the gateway's Internet-facing interface, and int.ip.of.server is the IP of the interface to which packets will be sent.

    Remember you'll need to enable forwarding on the Internet-facing machine by uncommenting "net.ipv4.ipforward=1" in /etc/sysctl.conf. If that machine has a firewall, as it should, you'll need to open port 22 as well, of course.

    Another alternative is to use an application-level proxy like tcpproxy. One attraction of this method is that you can wrap tcpproxy with xinetd and use that to restrict access to the proxy.
    Last edited by SeijiSensei; August 7th, 2013 at 01:00 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  4. #4
    Join Date
    Jun 2006
    Location
    Brisbane Australia
    Beans
    713

    Re: Port Forward or Redirect

    Quote Originally Posted by Lars Noodén View Post
    Code:
    ssh -L 2222:serverb:22 servera
    It is slightly more efficient and a little easier to just configure a proxycommand, e.g. in your ~/.ssh/config on "client" pc:

    Code:
    Host serverb
      Proxycommand=ssh -qax -o "clearAllForwardings=yes" servera nc %h %p
    then just "ssh serverb" from client pc will connect directly into serverb in the one command and will only create one encrypted tunnel, not a redundant second one.

  5. #5
    Join Date
    Aug 2009
    Location
    Makati City, Philippines
    Beans
    2,045
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Port Forward or Redirect

    Thanks for the replies! I will try them today.
    "I learned a lot from repeatedly breaking my system and then reinstalling. Oh, and a lot of GOOGLE searches too!"
    The best Ubuntu derivative: Linux Mint
    Relax. Head to the Community Cafe
    The Philippine Team

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •