пятница, 28 мая 2010 г.

SSH tunnelling

Сначала своими словами. Простой пример. Необходимо зайти на веб сервер по шифрованому соединению... ну или воспользоваться любой другой службой этого сервера секьюрно. Там стоит sshd.

На машине клиенте ssh -L 1234:localhost:80 om@ Это означает, что с 1234 порта ip адреса пакет будет перенаправлен на адрес порт 80 внутри SSH трубы. Для проверки вбейте в адресной строке браузера http://localhost:1234.

Далее оригинал статьи. http://www.brandonhutchinson.com/ssh_tunnelling.html

ssh tunnelling is an excellent way to tunnel insecure protocols through a secure communication channel. In this example, I'll tunnel POP3 traffic using ssh. Traditional POP3 traffic, including username and password information, travels clear-text across the network.

OpenSSH is used in the following examples.

To tunnel POP3 traffic using ssh:

1. Make sure an ssh client is installed on your machine and an ssh server is installed on the POP3 server.

2. Create a local ssh tunnel on your machine (port 1234 for this example) to the POP3 server's port 110. You will need to be the root user to bind to "privileged" ports (< 1024).
# ssh -f -N -L 1234:localhost:110 user@POP3_server

3. Test the tunnel.
$ telnet localhost 1234
You should see the POP3 server's banner information.

4. Configure your mail client to access your mail via POP3 using mail server localhost and port 1234.

"Reverse" ssh tunnel
It is possible to create a "reverse" ssh tunnel. The reverse tunnel will allow you to create an ssh tunnel from your work computer to your home computer, for example, and then login to your work machine from your home machine even if your work firewall does not permit ssh traffic initiated from your home machine!

For this to work, an ssh server must be installed on your work and home computer, and ssh (TCP port 22) must be allowed outbound from your work computer to your home computer.

$ ssh -R remote_port:localhost:22 your_home_computer

ex. $ ssh -R 2048:localhost:22 home.computer.com

At home, you would then run ssh -p 2048 localhost to log into your work computer via ssh.

Маршрутизация в Solaris 10 без reboot.

Enable/Disable IP Forwarding in Solaris 10 without reboot
April 24, 2008 · Filed Under Networking, Solaris 10

IP packet forwarding is the process of routing packets between network interfaces on one system. A packet arriving on one network interface and addressed to a host on a different network is forwarded to the appropriate interface.

In Solaris 10, IP Forwarding can be enabled or disabled using the routeadm & ifconfig commands as against the ndd commands in Solaris 9 and earlier. The advantage is the change dynamic and real-time and the change persist across reboot unlike the ndd command.

Enable/Disable IP Forwarding globally

To globally enable IP Forwarding in Solaris 10 use the routeadm command as follows:

In IPv4

solaris10# routeadm -e ipv4-forwarding

In IPv6

solaris10# routeadm -e ipv6-forwarding

The switches “-e” enables IP Forwarding.

To disable IP Forwarding

In IPv4

solaris10# routeadm -d ipv4-forwarding

In IPv6

solaris10# routeadm -d ipv6-forwarding

The switches “-d” enables IP Forwarding.

After the change run the following command for the changes to take effect.

solaris10# routeadm -u

Enable/Disable IP Forwarding per interface

To enable IP Forwarding on a specific interface (say ce0) using the ifconfig command

In IPv4

solaris10# ifconfig ce0 router

In IPv6

solaris10# ifconfig ce0 inet6 router

To disable IP Forwarding for an interface (say ce0)

In IPv4

solaris10# ifconfig ce0 -router

In IPv6

solaris10# ifconfig ce0 inet6 -router

Взял тут