diff --git a/README.md b/README.md index 5aad174..337c85c 100644 --- a/README.md +++ b/README.md @@ -93,7 +93,7 @@ The client side ssh command looks like: * `-o "ExitOnForwardFailure yes"` quit ssh process if self check or __any of the forwardings__ fail (this is a crucial feature missing in autossh) * `-4` (not shown above) is optional to foce ssh to use IPv4 only (in case of problems with IPv6) * `-R [bind_address:]port:host:hostport` (see above -> `permitlisten`; can be repeated multiple times) - * `bind_address` usually `localhost` or `*` (optional but necessary) + * `bind_address` usually `localhost` or `*` (optional) * `port` port that the server should open for incoming connections * `host` hostname or address that the client should forward the connection to (e.g. localhost) * `hostport` existing port on the host that should be forwarded 
@@ -104,3 +104,39 @@ The client side ssh command looks like: * `hostport` existing port that should be forwarded to the client Please beware that the hostname part in the `-L` and `-R` options must be spelled exactly the same as in the `permitlisten` and `permitopen` variables on the server ("Localhost", "localhost" and "127.0.0.1" are treated different). + +## Example + +In this example we forward a http based service running on the client (port 80) to the server (port 2280). The server can than deliver the service via its own webserver. Port 2280 on the server is only available locally. +Additionally the client accesses the remote mail server (port 25) and provides local access for applications running on the client (through port 2225). That way an application on the client can send mail via the remote server. It is not necessary to to open the remote mail relay to the internet. Requests to port 2225 on the client are treated as if they were done locally on the server. + +### Server + +#### /etc/ssh/sshd_config +(changed variables) +``` +GatewayPorts clientspecified +ClientAliveInterval 5 +ClientAliveCountMax 3 +``` + +#### /home/ssh-port-forwarding/.ssh/authorized_keys +(client public key shortented to `AAAA...`) +``` +restrict,command="",port-forwarding,permitlisten="localhost:2280",permitopen="localhost:25" ssh-rsa AAAA... root@client +``` + +### Client + +#### /etc/rc.local +``` +#!/bin/bash + +(while true; do + ssh ssh-port-forwarding@myserver.example.com -TNnqakx -o "TCPKeepAlive yes" -o "ServerAliveInterval 5" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R '2280:localhost:80' -L '2225:localhost:25' + sleep 30 +done) & +disown + +exit 0 +```
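Review bot: In the first hunk (@@ -93,7 +93,7), the new `bind_address` wording "(optional)" removes the contradiction but still does not say what happens when the field is left out. I would state the default on that line, for example "(optional; if omitted the server listens on the loopback interface only)", which is what ssh(1) documents for `-R`. Since the same line offers `*` as a usual value, it would also help to say that `*` listens on all interfaces and that whichever spelling is used has to match the `permitlisten` entry the `-R` line refers to.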
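Review bot: In the second hunk (@@ -104,3 +104,39), the `/etc/ssh/sshd_config` block sets `GatewayPorts clientspecified` for the whole server, although the example text says port 2280 is only available locally and the client only ever requests `-R '2280:localhost:80'`. The `permitlisten="localhost:2280"` option constrains this one key, but the global setting lets every other account on the server pick a non-loopback bind address. I would either explain why the setting is needed here or scope it to the forwarding account with a `Match User ssh-port-forwarding` block. Also, `-q` in the `/etc/rc.local` loop suppresses the diagnostics you would want when `ExitOnForwardFailure` makes ssh exit, so a short note on how to debug a failing loop would be useful. Minor wording in the added text: "can than deliver" should be "can then deliver", "necessary to to open" has a doubled "to", and "shortented" should be "shortened".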