From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] A networking question...
Date: Tue, 5 May 2009 23:07:55 +0100

On Tuesday 05 May 2009, Sascha Hlusiak wrote:
> On Tuesday 05 May 2009 23:28:22, Steve wrote:
> > Sascha Hlusiak wrote:
> > > The easiest thing would probably be to just use ssh port forwarding
> > > because you already have all the pieces running anyway. Wouldn't a
> > > simple
> > >
> > > ssh -L 12345:secondapache:https user@remotessh
> > >
> > > and then browsing to https://localhost:12345 do the trick? Or you could
> > > use a pppd over ssh vpn, yes, but that is a bit more complex.
> > >
> > > - Sascha
> >
> > I really want to avoid having to access a non-standard port from the
> > URLs - I want to use the final URLs exactly as they will be once the
> > in-development website is eventually deployed.
> >
> > Can you recommend a 'how-to' for the pppd over ssh approach?
>
> # /usr/sbin/pppd pty "ssh root@remoteserver pppd notty local 10.0.0.1:10.0.0.2" noipdefault nodefaultroute noauth updetach
>
> You can also just create a file in /etc/ppp/peers/ with the following lines
> and then call 'pon':
> pty "ssh root@remoteserver pppd notty local 10.0.0.1:10.0.0.2"
> noipdefault
> nodefaultroute
> noauth
> updetach
>
> You'll get the IP 10.0.0.2 and on the server 10.0.0.1. You need to set up
> proper routing and maybe NAT for that separate subnet, but it will be a
> tunnel into your home network.
>
> - Sascha

Or, an even simpler solution: can't you only allow access to https from your
desired remote host IP address at your server's LAN firewall, or just use the
accept/deny wrapper of the server itself after forwarding the https port at
the firewall?
--
Regards,
Mick