Iptables routing via SSH tunnel
Vipul Agarwal
2012-04-18 00:19:25 UTC
Hi guys,

I have two linux servers with root access and an external database server
which is managed by someone else.
Initially, only one of my servers can access this external database server
while the other can't due to IP restriction.

I want to enable access to this external database server to my other linux
server temporarily as it'll take a few days to get the IP added to the
firewall.
I think this can be done using a SSH tunnel. Please help me write the
correct iptables rules to route all the traffic to a specific IP/port via
the SSH tunnel.

Regards,
Vipul
Tethys
2012-04-18 10:51:24 UTC
Post by Vipul Agarwal
I think this can be done using a SSH tunnel. Please help me write the
correct iptables rules to route all the traffic to a specific IP/port via
the SSH tunnel.
You can do this with policy routing. Create a new routing table with a
single default route via your ssh tunnel. Then add a policy rule to
tell Linux to use that table when the appropriate criteria are met.

Tet
--
"Java is a DSL for taking large XML files and converting them to stack
traces" -- Bulat Shakirzyanov
--
Gllug mailing list - ***@gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
James Courtier-Dutton
2012-04-18 11:14:56 UTC
Post by Vipul Agarwal
Hi guys,
I have two linux servers with root access and an external database server
which is managed by someone else.
Initially, only one of my servers can access this external database server
while the other can't due to IP restriction.
I want to enable access to this external database server to my other linux
server temporarily as it'll take a few days to get the IP added to the
firewall.
I think this can be done using a SSH tunnel. Please help me write the
correct iptables rules to route all the traffic to a specific IP/port via
the SSH tunnel.
Yes, ssh: use the man page and read about the -L option.
It will make the remote database server look like it is on a local
port on the local PC.
Alain Williams
2012-04-18 11:19:18 UTC
Post by Vipul Agarwal
Hi guys,
I have two linux servers with root access and an external database server
which is managed by someone else.
Initially, only one of my servers can access this external database server
while the other can't due to IP restriction.
I want to enable access to this external database server to my other linux
server temporarily as it'll take a few days to get the IP added to the
firewall.
I think this can be done using a SSH tunnel. Please help me write the
correct iptables rules to route all the traffic to a specific IP/port via
the SSH tunnel.
If this is for a couple of days you may be able to do it via ssh.
Reconfigure the database client to connect to localhost. If the server that you
are connecting to is mysql it will listen on port 3306.

On the client machine run:

ssh -L 3306:0:3306 database_server_machine

ssh will carry (forward/tunnel) requests on the client machine port 3306 to port
3306 on the server.

A hack - but might be easier for a couple of days.
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>
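The `ssh -L` forward in Alain's reply, wrapped in a small script as an added example (not code from the thread). It assumes placeholder names (a database host, the ssh host that is allowed to reach it, and a local port) and adds the options a practitioner would want on a tunnel that stays up for a few days: an explicit loopback bind address so the forwarded database port is not reachable from other hosts, `ExitOnForwardFailure` so a failed forward is reported rather than silently ignored, and keepalives so a dead path tears the tunnel down instead of hanging clients.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumed placeholders: local port, database host, database port, and the
# ssh host that is permitted to reach the database.

# Validate a TCP port number: digits only, in the range 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Compose the argument for ssh -L as bind_address:local_port:host:hostport.
# A bare "3306:host:3306" binds to loopback only while the client's
# GatewayPorts option is off; naming 127.0.0.1 removes that dependence, so
# the forwarded database port never listens on the server's other interfaces.
build_forward_spec() {
    local_port=$1; db_host=$2; db_port=$3
    valid_port "$local_port" || return 1
    valid_port "$db_port" || return 1
    [ -n "$db_host" ] || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$local_port" "$db_host" "$db_port"
}

# True if something is listening on 127.0.0.1:$1 (ss is from iproute2).
tunnel_listening() {
    ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$1 "
}

# open_tunnel LOCAL_PORT DB_HOST DB_PORT SSH_HOST
# -N: run no remote command; -f: go to the background once authenticated.
# ExitOnForwardFailure: exit non-zero if the local port cannot be bound.
# ServerAliveInterval/CountMax: drop the session if the path dies, so the
# database client gets a connection error instead of a hang.
open_tunnel() {
    spec=$(build_forward_spec "$1" "$2" "$3") || {
        echo "open_tunnel: bad forward spec" >&2
        return 1
    }
    ssh -f -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$spec" "$4" || return 1
    tunnel_listening "$1"
}
```

Usage: `open_tunnel 3306 db.example.internal 3306 allowed-server` and then point the database client at `127.0.0.1:3306`. Because the database host is named in the third field, the ssh session can land on whichever server the database's IP allow-list already admits, and that server's sshd then connects onward to the database on the client's behalf.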
Vipul Agarwal
2012-04-20 17:37:41 UTC
Hi guys, thanks for the replies.

Alain, I took your advice and it worked like a charm. Thanks a lot! :)

Cheers,
Vip
Post by Alain Williams
Post by Vipul Agarwal
Hi guys,
I have two linux servers with root access and an external database server
which is managed by someone else.
Initially, only one of my servers can access this external database server
while the other can't due to IP restriction.
I want to enable access to this external database server to my other linux
server temporarily as it'll take a few days to get the IP added to the
firewall.
I think this can be done using a SSH tunnel. Please help me write the
correct iptables rules to route all the traffic to a specific IP/port via
the SSH tunnel.
If this is for a couple of days you may be able to do it via ssh.
Reconfigure the database client to connect to localhost. If the server that you
are connecting to is mysql it will listen on port 3306.
ssh -L 3306:0:3306 database_server_machine
ssh will carry (forward/tunnel) requests on the client machine port 3306 to port
3306 on the server.
A hack - but might be easier for a couple of days.
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>
--
Thanks and Regards,
Vipul Agarwal