Date:      Mon, 10 Mar 2003 23:32:00 -0600 (CST)
From:      Ryan Thompson <ryan@sasknow.com>
To:        freebsd-questions@freebsd.org
Subject:   SSH to a box behind NAT
Message-ID:  <20030310224025.L34446-100000@ren.sasknow.com>


Hi all,

I have a FreeBSD server behind NAT (on an RFC1918 address). The NAT
machine is actually an NT box on a network we don't have access to.
(So, it is not possible, for instance, to set up port based NAT for
inbound SSH, which is one of two things I'd normally do). The server
can, however, initiate arbitrary outbound connections.

So, I'm fishing for a tech workaround to this management problem. :-)

I need to be able to have an interactive SSH session on the server
(Server) from another host (Manager) on the Internet (for remote
management). That is, I need to connect to Server to do remote
management.

               <--- NAT --->
[ Server ] --- [ NT Gateway ] --- { Internet } --- [ Manager ]
192.168.0.2    192.168.0.1                         207.1.1.1
                     24.1.1.1

Manager is a highly available FreeBSD server (i.e., static public IP).

The first thing that comes to mind is some kind of "pull" technique to
have *Server* initiate the connection. Server already initiates cron'd
SSH connections to Manager to do automated backup/rsync tasks, but I
can't think of a way to actually start an interactive login in that
manner.

So far the best I've come up with is to configure a secure known path
on Manager for batch scripts (so, not really interactive, but close
enough for 90% of tasks) and have Server simply attempt to scp (pull)
the file at regular intervals, and execute its contents. Server can
capture the output and scp (push) that back to Manager. Manager never
actually initiates anything. Obviously, this will be a leading cause
of ass pain in troubleshooting scenarios, and will be a *real* pain
for anything that actually requires an interactive session.

Unfortunately, that idea has, so far, been the *last* thing to come to
mind. Any *other* ideas? :-)

Thanks,
- Ryan

-- 
  Ryan Thompson <ryan@sasknow.com>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

        Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America

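The scp "pull" scheme sketched in the post above, written out as an added example (not code from the original message) that cron on Server could run every few minutes; the Manager hostname, spool paths and key file are assumptions:

```shell
#!/bin/sh
# Added example, not from the original post: Server pulls a batch job from
# a known path on Manager, runs it once, and pushes the captured output
# back. Manager never initiates anything. Host, paths and key are assumed.

MANAGER="${MANAGER:-manager.example.net}"            # assumed Manager host
REMOTE_JOB="${REMOTE_JOB:-/var/spool/mgmt/job.sh}"   # assumed known path on Manager
REMOTE_OUT="${REMOTE_OUT:-/var/spool/mgmt/results}"  # assumed result dir on Manager
WORK="${WORK:-/var/spool/mgmt}"                      # local spool on Server
KEY="${KEY:-/root/.ssh/mgmt_key}"                    # key Server already uses for rsync

# Transport wrappers: Server only ever *initiates* connections to Manager.
# Whatever lands in REMOTE_JOB runs on Server, so that path on Manager
# must be writable by the administrator alone.
fetch_job() { scp -q -i "$KEY" "$MANAGER:$REMOTE_JOB" "$1"; }
push_result() { scp -q -i "$KEY" "$1" "$MANAGER:$REMOTE_OUT/"; }

# run_cycle: pull the job, run it once, push its output back.
# Returns 0 when a job ran, 1 when nothing new is waiting, 2 on transfer failure.
run_cycle() {
    mkdir -p "$WORK"
    fetch_job "$WORK/job.new" 2>/dev/null || return 2
    # Manager leaves the same file in place until it writes a new one,
    # so refuse to re-run a job whose content already ran.
    if [ -f "$WORK/job.last" ] && cmp -s "$WORK/job.new" "$WORK/job.last"; then
        rm -f "$WORK/job.new"
        return 1
    fi
    out="$WORK/result-$(date +%Y%m%d-%H%M%S).txt"
    # Run the job with stdout/stderr captured and no terminal or stdin,
    # which is exactly why this is batch-only rather than interactive.
    if sh "$WORK/job.new" >"$out" 2>&1 </dev/null; then rc=0; else rc=$?; fi
    echo "exit-status: $rc" >>"$out"
    mv "$WORK/job.new" "$WORK/job.last"
    push_result "$out" 2>/dev/null || return 2
    return 0
}

# last_result: path of the newest captured output on Server, for troubleshooting.
last_result() { ls -1t "$WORK"/result-*.txt 2>/dev/null | head -n 1; }

if [ "${1:-}" = "run" ]; then run_cycle; fi
```

Run it as `sh pull-job.sh run` from root's crontab on Server; the result files kept under `$WORK` are what you will want when a job misbehaves.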

