3

This is a real beginner question, I know. But I really don't seem to be able to wrap my head around the terminology to get what I want working.

And since I want to do this on a router that 40-50 people rely on for internet, my usual approach of breaking things until it works is also not going to work.

So here's what I want to do. I have a router (a Debian box with shorewall) with a static IP cable.example.com. I have an internal fileserver assigned 192.168.0.3. I can currently ssh into the router, and from there ssh into the fileserver. However, I want to make the fileserver available externally for both myself and others with a typical sftp client.

Could someone at least give me an idea of what I'm looking for? Tunneling out, tunneling in, port forwarding, iptables – they all seem to describe what I want to do, but I can't get a firm idea of how to get it to work.

Zelda
  • What you need here is binding a port externally to the internal file server. I don't know the syntax precisely, but it shouldn't be too hard. Also, I can only advise you to be really careful with the way you want to use your configuration, because exposing a fileserver on the internet could be considered a major security leak. – Kiwy Dec 02 '13 at 17:05
  • You could also use ssh as a proxy. More info here: http://www.linuxjournal.com/content/use-ssh-create-http-proxy – Kiwy Dec 02 '13 at 17:06
  • Usually routers support this (called virtual server or something like this). Check if your router has this capability and then it is very easy to connect to that server from everywhere if you config it. – Vombat Dec 02 '13 at 17:07

2 Answers

3

You can do this through ssh's ProxyCommand facility. Add the following to your $HOME/.ssh/config file. Create it if it doesn't exist with just this content:

    Host remoteserverX
        User userint
        ProxyCommand ssh userext@externalserver nc remoteserverX %p
    Host remoteserverY
        User userint
        ProxyCommand ssh userext@externalserver nc remoteserverY %p

You then connect to the different internal remote servers like this:

    $ ssh remoteserverX

-or-

    $ ssh remoteserverY

This is the tip of the iceberg as far as this feature goes. Check out this U&L Q&A titled: SSH tunnel through middleman server - how to connect in one step (using key pair)?, for more details.

NOTE: The above method is making use of a tool called nc (netcat) which should be in any major distros' repositories.

This isn't exactly the same as Nginx's redirection, you're tunneling through the external system to get to the internal system, but it has a similar effect.

Complex examples

  1. One Host stanza, many hosts.

    # The pattern must not match externalserver itself, or the ProxyCommand would recurse.
    Host *.mydom.com
        ProxyCommand ssh externalserver nc %h %p
    
  2. One Host stanza, for many users.

    Add the Host stanza to the system's /etc/ssh/ssh_config file so that anyone logging into the box can make use of it.

slm
0

There will be various approaches depending on how you want to connect to the fileserver.
One option is to port forward FTP traffic so that when you FTP to your "router" it passes it through to the fileserver. The shorewall documents might be of use here.
http://articles.slicehost.com/2007/10/10/rsync-exclude-files-and-folders
The only issue with that is that it exposes your fileserver to external traffic. In which case you could change the port that you use on the router to connect, for example: use port 2121 on the router and have it forward through to the fileserver's port 21, and then change the port on your FTP client to reflect this.

Steve N
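The port-forwarding approach described above, adapted to SFTP as the question asks, with the exposure concern from the comments addressed on both machines. This is an added example, not part of either answer. The zone names net and loc, external port 2222, the 203.0.113.0/24 client range, the sftponly group and the /srv/sftp path are assumptions.

```conf
# --- Router: /etc/shorewall/rules -------------------------------------
# Zone names "net" (internet) and "loc" (LAN) are assumed; use the names
# defined in your own /etc/shorewall/zones.
#ACTION  SOURCE              DEST                PROTO  DPORT

# Weak: anyone on the internet reaches the fileserver's sshd.
#DNAT    net                 loc:192.168.0.3:22  tcp    2222

# Tighter: only a known client range (documentation range shown) is forwarded.
DNAT     net:203.0.113.0/24  loc:192.168.0.3:22  tcp    2222

# Validate before touching the live firewall:
#   shorewall check          # compiles the config without applying it
#   shorewall safe-restart   # reverts unless you confirm the new ruleset

# --- Fileserver (192.168.0.3): /etc/ssh/sshd_config --------------------
# Members of the assumed group "sftponly" get file transfer only:
# no shell, no port forwarding, key-based login.
# Replace any existing "Subsystem sftp" line rather than adding a second one.
Subsystem sftp internal-sftp

Match Group sftponly
    # Each directory on this path must be root-owned and not group/world-writable.
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PasswordAuthentication no
```

External users would then connect with `sftp -P 2222 user@cable.example.com`, while the router's own sshd on port 22 is unaffected.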