understanding example (proxying over ssh)
juli at clockworksquid.com
Tue Feb 19 11:53:13 PST 2013
That looks exactly right to me. Is it working for you in practice?
On Tue, Feb 19, 2013 at 11:50 AM, Boxiang Pan <aquarypbx at gmail.com> wrote:
> Hi, Juli,
> We will remove the ssh forwarding part then. Here's a digram with our conf
> files that I drew to show what I meant in the previous email. So all traffic
> that goest to "127.0.0.1:3300" on the client machine (192.168.0.100) will be
> forward to the server (192.168.0.101:3301) , and then the server will
> forward the traffic to the intranet (192.168.0.102:80). Is this correct?
> Thank you.
> On Tue, Feb 19, 2013 at 12:47 AM, Juli Mallett <juli at clockworksquid.com>
>> Your understanding sounds correct to me at a glance. A diagram may be
>> more helpful than text, though.
>> Your client and server should be separate machines, whether on the
>> same LAN or with a WAN in between them. SSH is just being used here
>> to encrypt and authenticate the traffic between the client and server,
>> and to forward ports on localhost so that you don't have to have ports
>> listening where something else could connect to them.
>> If that's confusing or unnecessary for your testing, I would suggest
>> that you remove the SSH port forwarding from the picture entirely.
>> It's not necessary for correct operation, and seems to be more of a
>> stumbling block than I had assumed when I used it in the example on
>> the website.
>> On Tue, Feb 19, 2013 at 12:19 AM, Boxiang Pan <aquarypbx at gmail.com> wrote:
>> > Hi,
>> > I am still having some doubts understanding the first example (proxying
>> > over
>> > ssh) at wanproxy.org/examples.shtml.
>> > Please correct me if I am wrong. From my understanding, we have a client
>> > machine, on which we have client.conf and run wanproxy -c client.conf.
>> > In
>> > the client.conf, it listens on if0.host on port if0.port, then forward
>> > the
>> > connection to peer0.host on peer0.port.
>> > Next, we have a server machine, on which we have server.conf. In
>> > server.conf, it listens incoming connection on if0.host on if0.port (
>> > This
>> > implies that "peer0.host, peer0.port" in client.conf should be the same
>> > as
>> > "if0.host, if0.port" in server.conf) , and forward the connection to
>> > peer0.host ("intranet" in the example) on peer0.port. Finally, on the
>> > server
>> > machine, we run "ssh -L 3301:localhost:3301 username at server wanproxy -c
>> > server.conf " , where the username is the login name of the server
>> > machine.
>> > (question: what should localhost in the above command be if my client
>> > and
>> > server are separate machines on the same LAN?)
>> > Besides the server and the client, we also have a third machine
>> > "intranet",
>> > that listens on "peer0.port" in the server.conf ( 80 in the example).
>> > This
>> > machine does not need to have wanproxy installed.
>> > What we did here was to forward everything that goes to "if0.host ,
>> > if0.port" in client.conf , by the proxy at "if0.host, if0.port" in
>> > server.conf, to the "intranet" machine at port 80. For example, if I
>> > type
>> > "ssh user at 127.0.0.1 -p 3300", it will actually connect to "intranet" on
>> > port
>> > 80.
>> > Please correct me if I am wrong. Thank you very much.
>> > --
>> > Boxiang Pan
>> > Department of Electrical and Computer Engineering
>> > University of California, San Diego
>> > Tel: 858-999-7655
> Boxiang Pan
> Department of Electrical and Computer Engineering
> University of California, San Diego
More information about the wanproxy