[kwlug-disc] reverse tunnel? vpn over ssh?

Richard Weait richard at weait.com
Mon Aug 17 22:47:39 EDT 2009

I have a box I can reach on my DMZ.  I allow incoming web requests
through the firewall to the DMZ box.  It can then reply to the
request. But if you do crack this box, it can't connect out.  The
firewall won't allow it.  Great.  Defense in depth and all.

I can reach this box from my internal network and start/stop services.
Configure stuff.  Great.  But I can't get it to update from the web.
It can't dial out.  I'd like to apply updates without unplugging eth

Lots of examples cover connecting boxes that can't see each other but
can each connect to another box.  When the configuration looks like

A --> public box <-- B

SSH reverse tunneling looks to be the right tool for the job.  That's
the gotomypc-type solution.

My configuration is essentially:

internet  <-- desktop --> DMZ

I'd like to, from my desktop, say "Hi DMZ box, I'm logging in. Here is
a temporary connection to the internet that will disappear when I log

Help me lazyweb?
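One way to do what the post describes, as an added example that is not part of the original message or any reply: the desktop opens an ssh session to the DMZ box with a reverse forward (`-R`), so that the DMZ box's own loopback port is carried back to an HTTP proxy on the desktop, and apt on the DMZ box is pointed at that loopback port. The DMZ box never initiates an outbound connection, so the firewall policy stays as it is, and the path vanishes when the ssh session ends. Everything specific here is an assumption: a proxy (squid, tinyproxy or similar) listening on the desktop at 127.0.0.1:3128, an ssh host alias `dmz`, and an apt-based DMZ box that honours `/etc/apt/apt.conf.d/99tunnel-proxy`.

```shell
#!/bin/sh
# Added example, not from the original post.  Assumed (hypothetical) setup:
#   - a caching HTTP proxy listens on the desktop at 127.0.0.1:${PROXY_PORT}
#   - the DMZ box is reachable from the desktop as the ssh host alias "dmz"
#   - the DMZ box runs apt and reads /etc/apt/apt.conf.d/99tunnel-proxy
#
# The desktop opens the reverse tunnel: connections to 127.0.0.1:PROXY_PORT
# *on the DMZ box* travel back over the ssh session to the proxy on the
# desktop.  The DMZ box itself never dials out, so the "no outbound from
# the DMZ" firewall rule is untouched, and the route disappears with the
# ssh session.

PROXY_PORT="${PROXY_PORT:-3128}"
DMZ_HOST="${DMZ_HOST:-dmz}"

# Build the ssh command line.
#   -R 127.0.0.1:P:127.0.0.1:P  bind the remote end to loopback only, so other
#                               DMZ hosts cannot ride the tunnel (sshd's default
#                               GatewayPorts=no does this anyway; stating it is
#                               belt and braces)
#   ExitOnForwardFailure=yes    abort rather than log in silently without the
#                               forward, which would make apt fail confusingly
#   ServerAliveInterval=30      tear the session (and the tunnel) down promptly
#                               if the link dies
tunnel_cmd() {
    printf 'ssh -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:127.0.0.1:%s %s' \
        "$PROXY_PORT" "$PROXY_PORT" "$DMZ_HOST"
}

# apt configuration fragment for the DMZ box: route HTTP fetches through the
# loopback port that the tunnel exposes there.
apt_proxy_conf() {
    printf 'Acquire::http::Proxy "http://127.0.0.1:%s/";\n' "$PROXY_PORT"
}

# Script to run on the far end: install the apt fragment, update, upgrade, then
# remove the fragment again so apt has no proxy (and no route) once the tunnel
# is gone.  Emitted as text so it can be inspected before it is run.
remote_update() {
    cat <<EOF
set -e
printf '%s' '$(apt_proxy_conf)' | sudo tee /etc/apt/apt.conf.d/99tunnel-proxy >/dev/null
sudo apt-get update && sudo apt-get -y upgrade
sudo rm -f /etc/apt/apt.conf.d/99tunnel-proxy
EOF
}

# Interactive use: "sh tunnel-update.sh run" opens the tunnel and performs the
# update on the DMZ box in one go.  Without "run" the script only defines the
# functions above.
if [ "${1:-}" = "run" ]; then
    $(tunnel_cmd) "$(remote_update)"
fi
```

Run with `PROXY_PORT=3128 DMZ_HOST=dmz sh tunnel-update.sh run` once the proxy is up on the desktop; `tunnel_cmd` and `remote_update` can be called on their own to see exactly what will be executed. Because the forward is bound to the DMZ box's loopback and the proxy on the desktop is the only thing reachable through it, the DMZ box gets package downloads and nothing else, which is the narrow, temporary access the post asks for.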

