To tell the truth, I am not familiar with the concept of a reverse proxy; I just feel that what follows is the reverse of the proxy process, so I use this term.
The problem scenario is this: I have access to two Linux clusters, A and B, which are independent of each other. Both clusters A and B can access the external network, but only cluster A has a public network IP, so logging in to B directly from the external network does not work. The problem to solve is how to log in to cluster B from the outside network.
My understanding of a proxy is: a machine that cannot access the outside network uses the proxy service of a machine on the LAN that can, and in that way reaches the outside network.
And I think a reverse proxy is the reverse process. This can certainly be done. For example, when we want to control the Windows Remote Desktop of a machine on a local area network from the external network, we face the problem that its IP address is not a public one, yet QQ remote desktop can meet this need. The difference is that one side is passively controlled and the other actively requests to be controlled; Trojan horses and the like are, in fact, actively requesting to be controlled.
So, between Linux clusters, how can I solve the problem I ran into? The following material comes from http://portable.easylife.tw/entry/Reverse-SSH-Tunnel, and it handles exactly this need.
An SSH tunnel is usually used to provide a proxy-like function.
Through the SSH tunnel, the red area can reach the originally restricted green section; this is often used for getting around the firewall (FQ).
A reverse tunnel can solve the problem I actually encountered.
It can be done through a reverse tunnel; the specific steps are as follows (reproduced here; reprints are welcome):
Sample environment:
LAN Host:
ServerA / Linux / user userA / IP 192.168.0.123 / SSH port 22
ServerB / Linux / user userB / IP 192.168.0.125 / SSH port 22
PC / Windows / IP 192.168.0.128 / Remote Desktop port 3389
Remote host:
myserver / Linux / user me / IP 1.2.3.4 / SSH port 22
SSH parameters:
-N: Do not execute a remote command
-f: Run in the background
-R: Establish a reverse tunnel
Example 1: SSH back to ServerA from myserver
[[email protected]] $ ssh -NfR 2222:localhost:22 [email protected]
--------------------------------------------------------------
[[email protected]] $ netstat -tnl | grep 127.0.0.1
tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN
[[email protected]] $ ssh [email protected] -p 2222
On myserver, a connection to port 2222 is forwarded to ServerA's SSH port, so the connection to ServerA succeeds.
Example 2: SSH back to ServerB from myserver
[[email protected]] $ ssh -NfR 2244:192.168.0.125:22 [email protected]
--------------------------------------------------------------
[[email protected]] $ netstat -tnl | grep 127.0.0.1
tcp 0 0 127.0.0.1:2244 0.0.0.0:* LISTEN
[[email protected]] $ ssh [email protected] -p 2244
On myserver, a connection to local port 2244 is forwarded to ServerB's SSH port, so the connection to ServerB succeeds.
Example 3: Remote Desktop to the PC from myserver
[[email protected]] $ ssh -NfR 2266:192.168.0.128:3389 [email protected]
--------------------------------------------------------------
[[email protected]] $ netstat -tnl | grep 127.0.0.1
tcp 0 0 127.0.0.1:2266 0.0.0.0:* LISTEN
[[email protected]] $ rdesktop 127.0.0.1:2266
If you are in a Linux desktop environment, the PC's Remote Desktop is displayed directly; otherwise you can export the display to another host.
In addition, to keep the reverse tunnel from staying down after a disconnection, the autossh tool is also needed; it reconnects automatically after a disconnect. This is very important to me, because in fact I seldom go to the place where cluster B is located.
For example 1, autossh can be used like this:
[[email protected]] $ autossh -M 12345 -NfR 2222:localhost:22 [email protected]
Of course, to guard against cluster restarts, power outages and similar problems, you can put the above command in the boot-up script.
The above work can also be done through PuTTY; for example, example 3 can be set up as follows:
Xshell can do the same thing:
Let's try it ~ ~ ~ ~
Saw a good thing today, so I am adding it here.
After setting up the reverse tunnel above, you can only log in with ssh localhost -p on the machine itself; logging in from other IPs does not work, because the forwarded SSH port is bound to the loopback interface. The blog post at http://blog.csdn.net/xyyangkun/article/details/7025854 says this can be achieved by adding the -g parameter when the tunnel is built, but I did not succeed. But after reading https://www.ibm.com/developerworks/cn/linux/l-cn-sshforward/ I had a brainwave: setting up another tunnel on this machine, from its public network interface to its own localhost, works:
ssh -g -L 9099:localhost:2222 localhost
This allows you to log in from outside with ssh to the public network IP and -p 9099!
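The difference between the loopback-only listeners in the examples and the port opened with -g shows up in the listener table, so it can be audited on myserver. The script below is an added example, not part of the original post; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tnl` output on myserver after the
# reverse tunnels (2222, 2244) and the `ssh -g -L 9099:...` forward are up.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2244          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9099            0.0.0.0:*               LISTEN'

# classify_listeners: read `netstat -tnl` output on stdin and print
# "<port> loopback" or "<port> exposed" for every listening TCP socket.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]                       # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "[::1]")
                scope = "loopback"                # reachable only from this host
            else
                scope = "exposed"                 # reachable from other machines
            print port, scope
        }'
}

# exposed_tunnel_ports PORT...: from stdin, print those of the given tunnel
# ports that listen on a non-loopback address.
exposed_tunnel_ports() {
    wanted=" $* "
    classify_listeners | while read -r port scope; do
        case "$wanted" in
            *" $port "*)
                if [ "$scope" = exposed ]; then echo "$port"; fi ;;
        esac
    done
}

# Stand-alone run on the constructed sample.
# On a real host: netstat -tnl | exposed_tunnel_ports 2222 2244 2266 9099
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_tunnel_ports 2222 2244 2266 9099
```

Any port this reports accepts connections from every host that can reach myserver, so it deserves the same firewall and authentication treatment as the SSH daemon itself.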
SSH to do reverse proxy