This is easily done using SSH tunnelling.
So at work, or elsewhere, I can just run
ssh -L 2222:insidehost:22 user@openWRT-public-ip
This opens an SSH connection to the OpenWRT router and also sets up a forwarded port: connections to local port 2222 are passed through the router to port 22 on insidehost. So now I can open another window (I use Cygwin) and do
ssh insideuser@127.0.0.1 -p 2222
Or, to copy files:
scp -P 2222 insideuser@127.0.0.1:/tmp/file1 .
So basically I have access to copy files across the Internet to/from a server hidden behind a firewall. Be aware that scp uses uppercase -P to specify the port number, whereas ssh uses lowercase -p.
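The tunnel-then-copy steps above as a small POSIX shell helper; this is an added example, not part of the original post. It binds the forward to 127.0.0.1 explicitly and closes the tunnel through a control socket; the function names, the SSH and SOCK variables and the socket path are assumptions, and the host names are the post's placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.
SSH=${SSH:-ssh}                        # overridable so the helper can be dry-run
SOCK=${SOCK:-$HOME/.ssh/tunnel.sock}   # control socket path (assumed location)

# Build a -L spec bound explicitly to loopback, so other machines on the
# local network cannot connect to the forwarded port.
forward_spec() {   # usage: forward_spec LOCALPORT HOST HOSTPORT
    for p in "$1" "$3"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac          # digits only
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1  # valid TCP port
    done
    [ -n "$2" ] || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# Open the tunnel in the background.
tunnel_up() {      # usage: tunnel_up LOCALPORT HOST HOSTPORT user@router
    spec=$(forward_spec "$1" "$2" "$3") || { echo "bad forward" >&2; return 2; }
    # -f: go to background after authentication, -N: no remote command,
    # -M -S: master connection with a control socket,
    # ExitOnForwardFailure: exit instead of running without the forward.
    "$SSH" -f -N -M -S "$SOCK" -o ExitOnForwardFailure=yes -L "$spec" "$4"
}

# Ask the background master connection to exit, closing the forward.
tunnel_down() {    # usage: tunnel_down user@router
    "$SSH" -S "$SOCK" -O exit "$1"
}

# Typical session, using the post's placeholder names:
#   tunnel_up 2222 insidehost 22 user@openWRT-public-ip
#   scp -P 2222 -o HostKeyAlias=insidehost insideuser@127.0.0.1:/tmp/file1 .
#   tunnel_down user@openWRT-public-ip
# HostKeyAlias stores the inside host's key under its own name, so reusing
# 127.0.0.1:2222 for a different inside host does not look like a changed key.
```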
The same method can be used to access internal web servers behind openWRT. If the internal server expects a hostname, you would also need to modify the local hosts file to point your internal servername to 127.0.0.1.
You can also use this method to access external hosts, tunnelling through your home router. Just use an external hostname instead of insidehost in the first ssh statement. So if you can't access http://whatever.com:8888 because the company blocks non-standard ports, you can do
ssh -L 8888:whatever.com:8888 user@openWRT-public-ip
and then add whatever.com to your local hosts file, pointing to 127.0.0.1. But this will kill access to ports 80/443 on the same server unless you forward those as well, and forwarding them would conflict with a local web server.
I more often use this on Windows:
ssh -L 22:internalserver.local:22 user@openWRT-public-ip
This allows me to scp files to internaluser@localhost:/dir
If working with SOCKS-aware apps, you can also set up a SOCKS proxy that tunnels all traffic to the remote openWRT. This is done by
ssh -D 1080 user@openWRT
which creates a listening SOCKS proxy at port 1080, the default SOCKS proxy port.