add example for -R '*:... and mention server certificate

Florian Schlegel 2022-04-28 21:41:02 +02:00
parent 60cdb5d1e9
commit 1f5daeb046
1 changed files with 7 additions and 3 deletions

@ -63,6 +63,7 @@ The `permitopen` and `permitlisten` options can be used multiple times in a row.
* `port` is the port number on the `host` that will be forwarded to the client
## Client side configuration
First connect to your server manually, in order to accept the server certificate!\
You should run the client side ssh command in a loop because it is tuned to terminate as soon as errors are detected. Don't worry, this is well tested. If you are old school you simply put this into `/etc/rc.local`:
```
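Review bot: the line added under "Client side configuration" says to connect manually "in order to accept the server certificate", but what the client is asked to accept on a first connection is the server's host key, and the Client hunk later in this same commit calls it "server key"; use one term ("host key") in both places. The sentence also tells the reader to accept without checking anything. Suggest adding that the fingerprint shown at the prompt should be compared with the one read on the server itself (for example with `ssh-keygen -lf` on the server's public host key file) before answering yes, because the unattended loop afterwards trusts whatever was stored in known_hosts.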
@ -107,8 +108,9 @@ Please beware that the hostname part in the `-L` and `-R` options must be spelle
## Example
In this example we forward a http based service running on the client (port 80) to the server (port 2280). The server can than deliver the service via its own webserver. Port 2280 on the server is only available locally.
Additionally the client accesses the remote mail server (port 25) and provides local access for applications running on the client (through port 2225). That way an application on the client can send mail via the remote server. It is not necessary to to open the remote mail relay to the internet. Requests to port 2225 on the client are treated as if they were done locally on the server.
In this example we forward a http based service running on the client (port 80) to the server (port 2280). The server can than deliver the service via its own webserver. Port 2280 on the server is only available locally.\
Additionally the client accesses the remote mail server (port 25) and provides local access for applications running on the client (through port 2225). That way an application on the client can send mail via the remote server. It is not necessary to to open the remote mail relay to the internet. Requests to port 2225 on the client are treated as if they were done locally on the server.\
The last forwarding coud be used to publicly offer a service runninging on the client (port 9999) via the server (port 8080). Port 8080 on the server can be accessed by everyone on the internet and will be forwarded to port 9999 on the client.
### Server
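Review bot: the new last paragraph of the Example section has two typos ("coud", "runninging") and leaves out the server-side prerequisite for a `*:` bind address. sshd only honours a wildcard bind requested by the client when `GatewayPorts` is set to `clientspecified` or `yes`; with the default `no` the listener stays on loopback and port 8080 is not reachable from outside. Suggest stating that requirement next to the sentence and, since the paragraph says port 8080 "can be accessed by everyone on the internet", adding that the service on client port 9999 then has to handle its own authentication. The two re-added paragraphs above it still carry "can than deliver" and "to to open"; worth fixing in the same edit.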
@ -128,12 +130,14 @@ restrict,command="",port-forwarding,permitlisten="localhost:2280",permitopen="lo
### Client
Before running the script, test the command manually. This is also important if you were not connected to this server before from your client. On your first connection you have to accept the server key!
#### /etc/rc.local
```
#!/bin/bash
(while true; do
ssh ssh-port-forwarding@myserver.example.com -TNnqakx -o "TCPKeepAlive yes" -o "ServerAliveInterval 5" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R '2280:localhost:80' -L '2225:localhost:25'
ssh ssh-port-forwarding@myserver.example.com -TNnqakx -o "TCPKeepAlive yes" -o "ServerAliveInterval 5" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R '2280:localhost:80' -L '2225:localhost:25' -R '*:8080:localhost:9999'
sleep 30
done) &
disown
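Review bot: the replacement ssh line adds `-R '*:8080:localhost:9999'`, but the visible part of the authorized_keys entry in this hunk's header still begins `restrict,command="",port-forwarding,permitlisten="localhost:2280"`, and the Server section is not touched by this commit. If no `permitlisten` entry covers port 8080, the server refuses that forward, and because the command sets `ExitOnForwardFailure yes` the whole connection exits, so the loop reconnects every 30 seconds without the other two forwards ever staying up. Suggest updating the Server example in the same commit with a matching `permitlisten` for port 8080, so the documented server and client sides agree.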