Michael Renner wrote:
On Friday 23 January 2009, Bill Eldridge wrote:
Michael Renner wrote:
On Friday 23 January 2009, Bill Eldridge wrote:
I was interested in whether there's a simple way to have stunnel redirect traffic from a public Web browser/port to my home Web browser behind my DSL firewall (no ports opened/forwarded for incoming connections on the router, only outgoing-initiated)
Hi,
it is not clear to me what you want to do. From a public web browser to your home web browser?
Can you clarify your setup?
As an example if I run Apache on my home machine, I'd like it to start the tunnel when I turn it on, have it automatically set up stunnel to a Linux box I have on the public net, and have anything to port 8090 on the Linux box get passed to my home machine 8080.
Even though this is the stunnel list, I recommend using a reverse ssh tunnel together with netcat to do this.
The particular reason has to do with having stunnel on all of the boxes I'm interested in and not having ssh on all of them. (The reasoning is a bit more convoluted than that, but let's just say I'm interested in doing this with stunnel in particular if possible, not alternative approaches, but thanks, yes, the ssh approach is very straightforward.)
So, can stunnel create an outgoing tunnel from behind a firewall for the Web server to follow back in (similar to the ssh scenario you describe)? (Though actually you don't need the netcat portion there: ssh -R handles all of that fine.)
Set up netcat as an inetd application listening to port 8090 and redirect anything to localhost:8080 at the remote host.
At your local machine (with the apache) start a reverse ssh tunnel, redirect anything from localhost:8080 (in this case your remote machine) to your local machine:8080:

    home # ssh -R 8080:localhost:8080 user@remote

You should use a key to get rid of the password question!
Add a line like this to the remote /etc/inetd.conf:

    8090 stream tcp nowait nobody /usr/bin/nc /usr/bin/nc localhost 8080
CU
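
The reverse ssh tunnel described in this message, written as a script for the home machine so that it comes up unattended with a key. This is an added example, not part of the original thread: the key path, the SSH override variable and the function names are assumptions, and the permitlisten key option assumes OpenSSH 7.8 or later on the remote host.

```shell
#!/bin/sh
# Added example. user@remote and the ports come from the thread;
# the key path below is a constructed placeholder.
REMOTE="user@remote"               # public Linux box
KEY="$HOME/.ssh/tunnel_ed25519"    # assumed: dedicated key without passphrase
REMOTE_PORT=8080                   # loopback listener sshd opens on the remote box
LOCAL_PORT=8080                    # Apache on the home machine
SSH="${SSH:-ssh}"                  # overridable so the command can be inspected

# Start one tunnel session from the home machine.
#   -N                     no remote command, forwarding only
#   BatchMode=yes          never prompt; fail if the key is not accepted
#   ExitOnForwardFailure   exit if the remote listener cannot be bound,
#                          instead of staying connected without a tunnel
#   ServerAlive*           notice a dead DSL link after about 90 seconds
start_tunnel() {
    "$SSH" -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "localhost:${REMOTE_PORT}:localhost:${LOCAL_PORT}" \
        "$REMOTE"
}

# Re-establish the tunnel whenever the session ends.
keep_tunnel() {
    while :; do
        start_tunnel
        sleep 10
    done
}

# Print the line for ~/.ssh/authorized_keys on the remote box.
# "restrict" turns off shell, PTY, agent and X11 for this key; the key can
# then only open the one reverse listener used by the inetd/nc relay.
# $1 is the public key text.
authorized_keys_entry() {
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$REMOTE_PORT" "$1"
}

# Only connect when asked to, e.g. RUN_TUNNEL=1 from a boot script.
if [ "${RUN_TUNNEL:-0}" = 1 ]; then
    keep_tunnel
fi
```

The inetd line on the remote box still exposes port 8090 to everyone who can reach that host, so any access control has to happen in Apache or in a packet filter on the remote box.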