Ssh – Is stunnel capable of working like ssh -R

port-forwardingsshstunnel

I have a machine running MySQL (Windows), on a private network (let's say 192.168.1.10), behind a masquerading gateway. No port forwarding to 192.168.1.10 is possible.

I also have a server with a public ip (a.b.c.d) which I need to connect to 192.168.1.10:3306.

I can easily achieve this by using ssh's remote port forward feature; however, I was wondering if it's possible to achieve the same thing using stunnel. I need 192.168.1.10 to connect to a.b.c.d and tell a.b.c.d to open a port which will be forwarded back through stunnel to 192.168.1.10:3306.

Is this scenario possible?

Best Answer

Install stunnel on the server that is supposed to do the forvarding and include this in your config when you get it running:

[mysql] accept=gateway's.public.ip.here:3306 connect=192.168.1.10:3306

Didn't test it, but that's what it should look like.

Stunnel.org has lots of examples. I like this site the most.

EDIT:

Looking at your image - what I wrote here is supposed to work on the machine you called Gateway. Calling a.b.c.d from 192.168.1.10 should be possible without anything done.

You can also configure Gateway to be a proxy.

Regardless what You use - everything will require you to work with the Gateway.

Related Solutions

SSH Tunnel – How to Configure a Shortcut for SSH Connection

As a more concrete version of Kyle's answer, what you want to put in your ~/.ssh/config file is:

host foo
  User webby
  ProxyCommand ssh a nc -w 3 %h %p

host a
  User johndoe

Then, when you run "ssh foo", SSH will attempt to SSH to johndoe@a, run netcat (nc), then perform an SSH to webby@foo through this tunnel. Magic!

Of course, in order to do this, netcat needs to be installed on the gateway server; this package is available for every major distribution and OS.

Ssh – Port forwarding for Rsync

If the server is running SSHd then you can just use rsync over SSH directly.

For instance I run things like
rsync -a --inplace some/dir/ user@remote.server.tld:/destination/dir/
all the time. There is no need to run rsync as a daemon or have port forwarding enabled as rsync will start a copy of itself using the SSH link and handle all synchronisation between itself and that instance over the SSH link too (and the remote copy closes as the connection is dropped so you don't end up with a bunch of zombie processes hanging around).

To talk over a port other than the standard one you just need to give rsync a little extra info about how it should manage the connection, like so:
rsync -a --inplace -e 'ssh -p 222' some/dir/ user@remote.server.tld:/destination/dir/

This is actually more secure (all the rsync communication is protected by SSHs secure transport, whereas with port forwarding everything is sent plain) and more convenient (no rsyncd needed, and you can use SSHs key based auth)

Best Answer

Related Solutions

SSH Tunnel – How to Configure a Shortcut for SSH Connection

Ssh – Port forwarding for Rsync

Related Topic