understanding example (proxying over ssh)

Juli Mallett juli at clockworksquid.com
Tue Feb 19 00:47:05 PST 2013

Your understanding sounds correct to me at a glance.  A diagram may be
more helpful than text, though.

Your client and server should be separate machines, whether on the
same LAN or with a WAN in between them.  SSH is just being used here
to encrypt and authenticate the traffic between the client and server,
and to forward ports on localhost so that you don't have to have ports
listening where something else could connect to them.

If that's confusing or unnecessary for your testing, I would suggest
that you remove the SSH port forwarding from the picture entirely.
It's not necessary for correct operation, and seems to be more of a
stumbling block than I had assumed when I used it in the example on
the website.


On Tue, Feb 19, 2013 at 12:19 AM, Boxiang Pan <aquarypbx at gmail.com> wrote:
> Hi,
> I am still having some doubts understanding the first example (proxying over
> ssh) at wanproxy.org/examples.shtml.
> Please correct me if I am wrong. From my understanding, we have a client
> machine, on which we have client.conf and run wanproxy -c client.conf. In
> the client.conf, it listens on if0.host on port if0.port, then forwards the
> connection to peer0.host on peer0.port.
> Next, we have a server machine, on which we have server.conf. In
> server.conf, it listens for incoming connections on if0.host on if0.port (this
> implies that "peer0.host, peer0.port" in client.conf should be the same as
> "if0.host, if0.port" in server.conf), and forwards the connection to
> peer0.host ("intranet" in the example) on peer0.port. Finally, on the server
> machine, we run "ssh -L 3301:localhost:3301 username at server wanproxy -c
> server.conf", where the username is the login name of the server machine.
> (question: what should localhost in the above command be if my client and
> server are separate machines on the same LAN?)
> Besides the server and the client, we also have a third machine "intranet",
> that listens on "peer0.port" in the server.conf (80 in the example). This
> machine does not need to have wanproxy installed.
> What we did here was to forward everything that goes to "if0.host,
> if0.port" in client.conf, by the proxy at "if0.host, if0.port" in
> server.conf, to the "intranet" machine at port 80.  For example, if I type
> "ssh user at -p 3300", it will actually connect to "intranet" on port
> 80.
> Please correct me if I am wrong. Thank you very much.
> --
> Boxiang Pan
> Department of Electrical and Computer Engineering
> University of California, San Diego
> Tel: 858-999-7655
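
How the `-L 3301:localhost:3301` argument discussed in this thread breaks down, as an added example that is not part of the original messages or of the wanproxy documentation. It follows the ssh(1) syntax `[bind_address:]port:host:hostport`; the function names are hypothetical, the sample specs are constructed, and bracketed IPv6 literals are not handled.

```shell
#!/bin/sh
# Added example: classify an OpenSSH local forward spec,
#   -L [bind_address:]port:host:hostport

# Succeeds if $1 is a decimal TCP port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints where the client-side listener accepts connections from:
#   loopback | all-interfaces | address:<addr>; returns 1 if malformed.
# The body is a subshell so the IFS and globbing changes stay local.
forward_exposure() (
    IFS=:; set -f
    set -- $1                      # split the spec on ':'
    case $# in
        # No bind_address: ssh binds per GatewayPorts (loopback by default).
        3) valid_port "$1" && valid_port "$3" || return 1
           echo loopback ;;
        4) valid_port "$2" && valid_port "$4" || return 1
           case $1 in
               ''|'*')          echo all-interfaces ;;
               localhost|127.*) echo loopback ;;
               *)               echo "address:$1" ;;
           esac ;;
        *) return 1 ;;
    esac
)

# Prints the host:hostport that the SSH *server* connects to. A "localhost"
# in this position is resolved on the server machine, not on the client.
forward_target() {
    forward_exposure "$1" >/dev/null || return 1
    ft_prefix=${1%:*:*}            # everything before the last two fields
    echo "${1#"$ft_prefix":}"
}

# Constructed specs; the first is the one quoted in the thread.
for spec in 3301:localhost:3301 127.0.0.1:3301:localhost:3301 \
            '*:3301:localhost:3301'; do
    printf '%-30s listener=%-15s server-side target=%s\n' "$spec" \
        "$(forward_exposure "$spec")" "$(forward_target "$spec")"
done
```

A result of `all-interfaces` means other machines on the client's network can reach the forwarded port, which is the exposure the localhost-bound forward is there to avoid.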
