Networking :: Multiple Reverse SSH Tunnels For 100+ Servers?
Jul 26, 2011
I am looking at using reverse SSH tunnels to manage servers on client sites. I have played around with reverse tunnelling, and have it working on one server back to my middle man server from which I can SSH across from my own PC. All working fine. When I scale this up to 100+ servers reverse tunnelling in, usernames & passwords become a pain, so I'd prefer to use RSA keys instead. My question, finally you might say, is this, to successfully ssh from my PC to the remote server, do the RSA keys need to be on the middle man server as well, or is it just my PC and the remote server?
Sep 7, 2010
got the problem with multiple ssh-tunnels. The case is: I have 1 server running Slackware 13.0 with an external IP and a few Windows machines. The inetd daemon is running on the server, and my script is listening on port 2345. I create multiple ssh-tunnels from client machines to port 2345 of the server in order to initiate script execution. For debugging reasons the script simply echoes the incoming information to the connection initiator. This is how the connection is initiated.
Code:
ssh <user>@<my_server_IP> -L 5555:<my_server_IP>:2345
echo "hello"|nc -vn 127.0.0.1 5555 (a port on a client-machine, that is forwarded to <my_server_IP>:2345)
gives "hello" output.
Code:
client1 port 5555|----ssh-tunnel---- eth0|-------server---------------|
[Code]...
The problem is that I need my script to execute some commands (registry parsing) on a remote client machine with the winexe utility. So I need to identify each tunnel or each connection in order to execute the command on each of the client workstations. I need at least to have access to some ID of the ssh session or tunnel through which a certain connection was initiated, and then use it to create a reverse tunnel or just connect to a certain client via that client's tunnel.
Jun 28, 2011
So unfortunately I live in a place that will not let me have a static IP, so I have been setting up access to my home computer via reverse SSH tunnels that run on a micro Amazon EC2 instance. I have gotten SSH to work fine, but I cannot figure out port forwards. Here is a small infographic I made to help illustrate (I felt the question was clearer with a diagram of what I was trying to do). Here are the commands listed in the graphic. I run the following on my home computer:
ssh -R 1337:localhost:22 -i .ssh/tokyoMinekey.pem ec2-user@ec2serveraddress
and I run this on the EC2 server:
ssh -L6600:localhost:6600 -Nf localhost -p 1337
Jul 24, 2010
How can I create tunnels in Linux? I use MyTunnel in Win for tunneling, but I don't know how I can do that in Fedora 13.
Jan 6, 2010
I have multiple ssh tunnels that I need to run on startup. Does anyone know a working way to do that? I have tried creating a script and putting it in all sorts of directories (/etc/init.d/, /etc/, /etc/network/if-up.d/). I have also tried appending the commands to /etc/rc.local but nothing works. The script is actually executed in all these places because I tried putting a simple mv command in there and that was executed but these ssh tunnels won't be constructed. My script looks something like this:
#! /bin/sh
xterm -e ssh ....... &
xterm -e ssh ....... &
xterm -e ssh ....... &
I also have another program that I would like to run along with the ssh tunnels. The program needs to be run as root, but that won't work either.
Apr 17, 2011
I want to log in to my university server. In Windows I used PuTTY and RDP. The settings in PuTTY (downloaded to my Ubuntu and running), SSH -> Tunnels:
destination: 2.bgu.ac.il:3389
source port: 7000
on local
session SSH type 1.bgu.ac.il port: 22
So far so good: I logged in and I can see the files on 1.bgu. The next step is to open RDP and ask it to log in to localhost:7000. Not working. I used Gnome-RDP and Remmina Remote Desktop Client, no luck on both.
Apr 13, 2011
I'm trying to pass multiple domains through one Ubuntu server to various hosts on my local network.
[url] should be sent to the /var/www folder on the local host.
[url] should be forwarded to an IIS box on my local network (owa.nunya.local)
[url] should be sent to another Ubuntu box on my local network (smtp.biznet.net)
I have tried placing VirtualHost entries in /etc/apache2/sites-available/default and [url] and [url] both work, but [url] gets forwarded to the c:\inetpub folder on the IIS box.
Oct 21, 2010
I have an application running inside our lan on server 192.168.0.1:8080. I have configured gateway firewall to direct all traffic on port 80 to port 8080 on 192.168.0.1. So I can access the application from outside lan. Now the problem starts when the application redirects the traffic to another server 192.168.0.2 according to the input of the users. How can I configure the whole system so that I can access the application running on second servers also?
Jul 14, 2009
I have a wide area network with 7 CentOS servers running Bind and 1 Windows 2003 server. All 8 of these servers handle DHCP and DNS at their respective locations. At each site I can ping computer.site.company. I'd like to be able to resolve the DNS names from site to site. So from site1 I would like to be able to ping computer.site2.company and get a response.
Jul 28, 2010
In my environment we are running DHCP on a Windows 2003 R2 server. This DHCP server is also used with Symantec's 3COM PXE for the desktops, so the desktops can PXE boot into Symantec Ghost and re-image the PCs with a Ghost (GHO) file. This DHCP server is responsible for assigning IP addresses for all desktops on the network.
We also have several branch offices which this DHCP server provides IP addresses to. These branch offices are on a separate network so I believe this is possible. Each branch office is running a Linux server so I would like to use Clonezilla and allow users in these offices to PXE boot to the local Linux server to run Clonezilla and re-image their notebook/desktops with a specified image that is on the local Linux server in each office. My only concern is the use of the same DHCP server. Is this possible?
Another project I am working on is setting up LTSP with openSUSE, in which I want to have about 10 or 15 diskless PCs boot up and retrieve the LTSP image, but this would also use the same DHCP server and is on the same network as the regular desktops that use the Symantec 3COM PXE service, so is this even possible? If not, any recommendation on how I could get it to work? Could proxyDHCP work, or MAC filtering, or even a separate VLAN?
Feb 16, 2009
I am working at a place that has 2 physical web servers, yadayada1 and yadayada2, but only one public IP address. I can use dyndns to register 2 dynamic domains on the same IP address.
How can I get yadayadayada1.dyndns.org to route to yadayada1 and yadayadayada2.dyndns.org to route to yadayada2?
Mar 14, 2011
I have a reverse proxy set up with squid. I'm going to try and explain what it's doing and I apologize for it being confusing, I'll do the best I can to describe my problem. First, it's for our phone system. We run a ShoreTel VoIP system. The owner has decided he wants me to set up MCM (Mobile Call Manager), which from what I can see is an underdeveloped ShoreTel software that is almost impossible to get help with. But he's convinced he needs it for his iPhone. It's supposed to, in a nutshell, turn his iPhone into his work phone with all the advantages and doodads that come with it. Apparently, "they have an app for that". On the server side, I need to set up a reverse proxy back into the network on our phone server. Simple enough, I did this with squid. I used the following lines:
Code:
http_port 80 accel defaultsite=172.17.137.7
cache_peer http://172.17.137.7 parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain http://172.17.137.7
[code]....
Code:
always_direct allow all
It most definitely is allowing traffic back to the phone server; the problem is, it hands out my internal server address to the outside client. So for instance, if I connect to the outside routable address with my phone, it will immediately change the URL to http://172.17.137.7, which is the inside NAT address of my phone server. Which of course doesn't work, since I couldn't browse to that address from the outside. It does however work from the inside of the network, obviously because 172.17.137.7 is accessible from the inside.
May 11, 2010
A first server with apache2 installed and configured as reverse proxy, that works great, with this version:
That works mostly, but fails with an OMA (Outlook Mobile Access) redirection.
It works for all reverse sites hosted, but when we try to connect to OMA using a Nokia phone, it fails.
I can see in access.log that it hangs on a FolderSync instance.
I've used Wireshark to sniff packets, and on the OMA server I can see only the three-way handshake coming in...
My doubt is: when I upgrade the working server, it will also not work anymore...
Configurations are the same (I've copied /etc/apache2 folder from running one to new one).
Oct 12, 2009
I am using RHEL5. These are my config files:
Code:
options {
listen-on port 53 { 127.0.0.1; 192.168.14.54; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
[code]....
Jun 22, 2010
I found one strange issue with Ubuntu; can anyone suggest if it's a bug or as designed? If I have two nameservers in my resolv.conf, Ubuntu only checks the first (and receives a not found reply from there) and never goes to the next two nameservers. This behaviour is very different from Windows or other Linux systems.
Jan 14, 2011
I have 5 Linux SSH servers at my office that are behind a router. How do I connect to any one specific server from outside the LAN? Do I have to port forward the router, giving each machine its own port? That seems clunky.
Apr 15, 2009
So I have a pretty big networking nightmare on my hands right now. Stepped into the dog crap with this one, told my employer that I knew how to set up VMware servers, right? It's not hard: install CentOS, install VMware, run the config tool, bridge the network, down the road we all go, right? We have 3 servers running about 10 virtual servers.
Here is what we have all together.
CFU <- This is the internet. We have IP ranges xx.18.230 - xx.18.241 Gateway is xx.18.254 and subnet is xx.255.128
DELL PowerConnect 3348 Switch <- This is what everything is pretty much jammed into.
VMH1 <- This machine has 2 NICs
eth0 connects to the DELL switch somewhere on the upper 30+ ports
eth1 connects to the DELL switch on port 1.
It uses firestarter and is the gateway for our internal internet on 192.168.11.XX using IP 11.254. It has 4 vm's on it. One of them is the domain controller, hooked to eth1 using IP xx.11.1. The other one is a server for managing remote backups, it has an external IP linked to eth0 of xx.18.234. The other 2 vm's are for misc remote login stations that use internal ip addresses linked to eth1. It hasn't had a single problem communicating on either one of the ports..
VMH2 <- This server hosts a web server, and some other misc stations.
It hosts a web server on xx.18.230 and xx.18.231
It also hosts 2 workstations on a separate network, through another router that is wireless....
Now, we have the problem child, VMH3
VMH3 <- This hosts...nothing. It sits and has a ton of storage, but does absolutely nothing, but won't communicate out either one of its network ports.
The xx.36.xx and xx.22.xx networks are there because we have multiple businesses in the building that shouldn't see each other.
Apr 6, 2010
Like many others I'm running into some reverse lookup issues with SSH. Setup is as follows:
localnet setup
myserver - 192.168.0.x
myworkstation - 192.168.0.y
[Code].....
nslookup tests show that my reverse lookup is functioning correctly. However, if I use "myworkstation" to connect to myserver.mydomain.com using an external nameserver SSH says: "Address 84.162.xx.yy maps to myserver.mydomain.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!"
On myserver the /etc/hosts has the internal address for the server which seems the normal way to go to me. Changing this to the servers external address solves the issue.
Apparently a connection originating from myworkstation arrives from/with my external address, and when its reverse is checked by the server it apparently finds its own internal address for that name in /etc/hosts before doing a nameserver query and thus concludes that internaladdress <> externaladdress which gives the error.
Is there any way to have the server check external DNS before /etc/hosts? Another solution would probably be running an internal DNS, so myworkstation doesn't connect through the 'outside'.
Aug 22, 2010
I am trying to create a solution with Reverse Proxy, mod_proxy and mod_proxy_connect. I haven't really used this before so I am just curious if I am doing it right. I have attached what I am trying to do plus a copy of the config. Here is my current requirement:
We are going to have 3 servers; right now our top level domain is [URL]. We have an E-Commerce Server in production right now that already has an SSL cert on it, so right now the production server for E-Commerce is [URL]. However, as we are growing, we don't want to use subdomains, so instead we want to use the reverse proxying feature in Apache. We are running mostly Windows servers and IIS for the E-Commerce, CMS and WordPress servers. Assume the following -
Apache Proxy Server 10.100.10.60
E-Commerce Server 10.100.10.3 (www.ooolalashop.com)
Content Management Server 10.100.10.3 (cms.ooolalashop.com)
Word Press Blog Server 10.100.10.3 (blog.ooolalashop.com)
1) We need the following mapped
[URL] - maps to ecommerce server - since ssl cert is going to stay on the server, on the proxy we just create a static host that points to the e-commerce server
[URL]
All of these should be pretty easy to reverse proxy
2) We need to be able to proxy the SSL connection or have it pass through to the server on the back end with the domain [URL]. Right now we are getting some errors. Here is the error I get with SSL:
[Sun Aug 22 01:51:30 2010] [warn] proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Here is a copy of the config
<VirtualHost *:80>
ServerAdmin support@cometcomputing.com
ServerName www.ooolalashop.com
DocumentRoot /var/www/ooo
[code]....
Feb 3, 2011
We have an Ubuntu server (10.04 LTS) with apache2 (2.2.9) and mod_proxy + proxy_balancer enabled. Reverse proxy works great, but I can't get load balancing working. Apache always connects to the first member.
My configuration is as follow:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Proxy balancer://test>
[Code]...
Dec 27, 2010
What is the best way here? I have like 5 servers, and I want my clients to access each of them, so in case 1 server is down, they can access the remaining servers. Also, it will work like this: user1 chooses the server number and connects to a central database, then the reply is OK, and he can connect to the server number he wished.
Mar 31, 2011
I have a CentOS5 server with dual ethernet adapters + Webmin installed as my Router / Firewall / DHCP server working successfully with 1 static IP from my ISP. I also have 7 additional static IP addresses from my ISP needing to configure to individual servers inside my network. I have configured the additional virtual interfaces, but am lost on how to route data specifically from additional ISP address to specific internal network address.
Below is my desired configuration.
98.173.159.xx1 = eth0 physical interface ==> eth1 192.168.1.1
98.173.159.xx2 = eth0:1 virtual interface ==> 192.168.1.10 ==> CentOS Server 2
98.173.159.xx3 = eth0:2 virtual interface ==> 192.168.1.20 ==> CentOS Server 3
98.173.159.xx4 = eth0:3 virtual interface ==> 192.168.1.30 ==> CentOS Server 4
98.173.159.xx5 = eth0:4 virtual interface ==> 192.168.1.40 ==> Mac OS X Server 1
98.173.159.xx6 = eth0:5 virtual interface ==> 192.168.1.50 ==> Mac OS X Server 1
98.173.159.xx7 = eth0:6 virtual interface ==> 192.168.1.60 ==> Network Attached Storage Server 1
98.173.159.xx8 = eth0:7 virtual interface ==> 192.168.1.70 ==> Windows 2008 Server 1
Apr 16, 2010
I have a scenario. A domain [URL].. then there are 4 private computers on which applications are hosted at port 80. So when someone from outside accesses the site it looks like [URL].. I added
[Code]...
Feb 18, 2011
The apache2.conf and vhost files I gave the link to are from the machine on the LAN where the site is actually hosted. When someone from the internet accesses the site, I expect a log of their IP in access.log, instead of which I see the IP of the machine which is working as the Reverse Proxy server for all such requests. What mistake did I make above?
Jan 17, 2011
Looking for a test tool where I can fire up any number of ports (TCP and / or UDP) to listen on.
I am currently getting by using nc, but it's only 1 port at a time (I know I can open up multiple sessions but that's cumbersome), it can't do UDP, and it closes at the end of the session.
A friend has suggested socat, but it looks pretty much the same except it can do UDP, but it is also cumbersome: I have to manually output to a different file per port, etc.
Basically it's so I can quickly test firewall and NAT rules.
May 26, 2010
I am having a few websites running in a Reverse Proxy scenario on Ubuntu Server 10.04. The configuration is like this:
Code:
|--------------192.168.1.1
| (site1.abc.com)
|
|--------------192.168.1.2
| (site2.abc.com)
|
|
|
|
|--------------192.168.1.3
| (site3.abc.com)
|
|
|
|
|--------------192.168.1.4
| (site4.abc.com)
(Public IP ) |
A-------------------|
(reverse proxy server) |
(192.168.1.25) |
|--------------192.168.1.5
| (site5.abc.com)
|
Except for one, all websites are running properly and being redirected to their respective domains.
Following is the configuration which I used: for each site I define a vhost file on server A which contains the following
Code:
# ProxyPass / http://<Ip of Server>
# ProxyPassReverse / http://<Ip of Server>
So if I have 5 websites then I have 5 vhost files on the gateway (A in the above diagram), and in each of those files, as above, the root of the site is redirected to the internal IP. 4 of them are running properly. The fifth website is running on port 8080:/keyword. So in its vhost file on the gateway I defined
Code:
# ProxyPass / http://<Ip of Server>:8080/keyword
# ProxyPassReverse / http://<Ip of Server>:8080/keyword
On the LAN I can see http://<Ip of Server>:8080/keyword, but when I try from the internet to see:
http://site5.abc.com
I get redirected to a page which is https://site5.abc.com:8443/ and it says
Code:
The webpage at https://site5.abc.com:8443/ might be temporarily down or it may have moved permanently to a new web address.
The site5.abc.com site has a requirement to be run at port 8080 internally, and it is not an Ubuntu server (it is a Red Hat based server), while all the rest are Ubuntu servers, including gateway A.
Apr 1, 2011
I'm at a loss as to why my reverse lookup zone doesn't work for me. I've got two views, one internal and one external. My domain is isp2.datornatverk.se. Public IP: 130.240.133.81.
dig -x @8.8.8.8 130.240.133.81
gives me:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2917
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
I've set it up so that the internal subnets get the domains resolved to the internal IP addresses. When querying from external addresses I will get the public IP. My named.conf.local file:
Code:
acl internals {
127.0.0.0/8;[code]..........
I don't know whether the views have messed something up. It worked before I added the views.
Aug 27, 2009
Faced with disk-bound issues on an FTP server with high traffic. Would like to set up multiple FTP server nodes with dedicated storage for each node, where all FTP access is managed by a master FTP server. So, a user would FTP to a single externally visible IP address for the master FTP server and then get routed to the appropriate FTP node. Are the multiple FTP nodes required or is there a better way of doing this? Perhaps only one FTP server is required and then each node would serve as a separate file server.
Feb 7, 2011
I'm looking at setting up a couple automated systems: Here are a few examples:
* Internal accounting system to download and process emails
* Public web server to visit
I could put each system on its own separate box -- for example, it's generally good practice to separate anything that external users have access to (such as a webserver) from internal processes such as accounting. Now, rather than dishing out the money for two separate servers, could I get away with just installing new instances of VMWare on the same box for each system?
To give you an idea, these are not large scale computationally sensitive systems. The accounting one is simply downloading and tallying emails, and the latter is just a webserver with maybe 5 hits per day on a good day. I could definitely pick up a new box for say $50, but I wanted to know the general practice of using VMWare on the same box versus two separate boxes.
Dec 19, 2010
I can create a tunnel with the autossh command. Is there a way to view all SSH tunnels created by that command?