Tuesday, March 3, 2015

Multi-Hop SSH Tunnel with PuTTY


Have you ever needed to access a server or some other device through an SSH tunnel? I did, and not through one but two of them. It turns out that a customer allows me to access its WLC through an SSH tunnel. It is not that difficult to set up, but I admit I had some trouble getting things done. Whenever I have difficulty doing something, I put it on my blog.

Below I'll show my scenario:


I need to set up one tunnel to the server on my own network first. Then I need to set up another tunnel to a server located on the customer's network. Then I can use the same logic to access WLCs on the customer side.
Note that, although the communication inside the SSH tunnel is very secure, this technique also allows us to get past firewall filtering. In place of the customer's WLC, we could have an unfiltered machine. It could be our home machine, for example.
Therefore, for this post, I'm gonna focus on the tunnel setup only.
Although this might look a little bit complex, and it is at first sight, you're gonna see that the setup is actually pretty straightforward.
Below I am gonna show you some screenshots:
First we are gonna create a session to our local server 192.168.1.1:


Here we have the session to our first server 192.168.1.1. You can and should save this session. Give it a name to make future access easier.

In the same session, in Tunnels, under SSH, you must point to the second server on the SSH port, just like we did above.
Here is where the second tunnel begins. You can see that the result of this setup is:
Source Port: 2222
Source IP Address: 127.0.0.1
Destination Port: 22
Destination IP Address: 172.16.1.1
We are creating a tunnel beginning on the local host and ending on the server 172.16.1.1, passing through 192.168.1.1.
Click Add and save the session.

Now, to access the second server, we just need to point a new session at our local machine, using port 2222. This port should now be open and pointing to the second server.



Once the second session is OK, we can create a tunnel to the IP address we want to access behind the second server.



That's it. First start the connection to the first server and leave the window open, then start the connection to the second server, and finally you can access any resource on the other side. Of course, this assumes that all the necessary ports are open, as in our example above.
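The same two hops can be started from PowerShell with plink, PuTTY's command-line client. This is an added example, not part of the original post: it also checks that each forwarded port listens on 127.0.0.1 only, so other hosts on the LAN cannot reach the tunnel. The account name, target address and the target and local ports are placeholders passed as parameters, and it assumes key login through Pageant with both host keys already cached.

```powershell
# Added example: plink equivalent of the two saved PuTTY sessions in this post.
# Assumptions: plink.exe on PATH, key login via Pageant, host keys for
# 192.168.1.1 and 127.0.0.1:2222 already cached (-batch refuses to prompt).
param(
    [Parameter(Mandatory)] [string] $User,        # placeholder: SSH account on both servers
    [Parameter(Mandatory)] [string] $TargetIp,    # placeholder: device behind the second server
    [Parameter(Mandatory)] [int]    $TargetPort,  # placeholder: service port on that device
    [Parameter(Mandatory)] [int]    $LocalPort    # placeholder: local port for the final tunnel
)
$Hop1 = '192.168.1.1'   # first server (from the post)
$Hop2 = '172.16.1.1'    # second server (from the post)

function Start-Tunnel {
    param([string[]] $PlinkArgs)   # -N: forward ports only, no remote shell
    Start-Process plink -PassThru -WindowStyle Hidden -ArgumentList (@('-ssh', '-batch', '-N') + $PlinkArgs)
}

function Wait-LoopbackListener {
    param($Proc, [int] $Port, [int] $TimeoutSec = 20)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if ($Proc.HasExited) { throw "plink exited before port $Port came up (login or host key problem)" }
        $l = Get-NetTCPConnection -State Listen -LocalPort $Port -OwningProcess $Proc.Id -ErrorAction SilentlyContinue
        if ($l) {
            # Refuse to continue if the forward is bound to 0.0.0.0, :: or a LAN address
            if ($l | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }) { throw "Port $Port is not loopback-only" }
            return
        }
        Start-Sleep -Milliseconds 500
    }
    throw "No listener on port $Port after $TimeoutSec seconds"
}

# Hop 1: 127.0.0.1:2222 -> 172.16.1.1:22, carried through 192.168.1.1
$p1 = Start-Tunnel @('-L', "127.0.0.1:2222:${Hop2}:22", "${User}@${Hop1}")
$p2 = $null
try {
    Wait-LoopbackListener -Proc $p1 -Port 2222
    # Hop 2: log in to the second server through port 2222 and forward on to the target
    $p2 = Start-Tunnel @('-P', '2222', '-L', "127.0.0.1:${LocalPort}:${TargetIp}:${TargetPort}", "${User}@127.0.0.1")
    Wait-LoopbackListener -Proc $p2 -Port $LocalPort
    $null = Read-Host "Tunnel up on 127.0.0.1:$LocalPort. Press Enter to close both hops"
}
finally {
    # Close the inner hop first, then the outer one
    $p2, $p1 | Where-Object { $_ -and -not $_.HasExited } | Stop-Process
}
```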






