Received: Fri, 16 Jan 2004 12:48:55 +0900
And lo Jim wrote:

> Let's say I have two machines, one work machine
> behind a firewall and a home machine. I cannot
> connect to A from B because of the firewall, but
> I can connect from A to B. So, while at work, I
> make a connection to B. Then when I get home, I
> assume there is a way that I can call back into
> A with that open connection.
(I assume one of those is B to A)

SSH can create port forwarding tunnels in either direction.

Suppose you can't log into your home network from work, but you can log into your work network from home. All via SSH.

On your home server:

ssh -R 9877:localhost:1234 yourusername@yourcomputer.at.work.com

This will both log you into your work computer from home, AND open port 1234 on yourcomputer.at.work.com - if you connect to yourcomputer.at.work.com:1234, it is essentially the same as connecting to home.server.net:9877. You can use 9877 local and remote, I just used 1234 so you know which number is which. You can also use this with port 22 as the local port to allow SSH connections in that normally can't.

To do the reverse:

Suppose only your port 22 outgoing from home to work is allowed out by your firewall. Simply switch -R to -L

ssh -L 1234:localhost:9877 yourusername@yourcomputer.at.work.com

Then if you connect to home.server.net:1234, you get whatever service is listening on yourcomputer.at.work.com:9877

So to let a script at work connect to a druby server at your home, run the -R version. To let a script on your home box connect to a druby server at work, run the -L version. In both cases, run them from your home server.

Also, you might want to consider appending "-f sleep 86400" to either command, if you don't want a login prompt. Instead, it will background SSH, and it'll listen for 86400 seconds (1 day). So ...

ssh -R 9877:localhost:9877 yourusername@yourcomputer.at.work.com -f sleep 86400

That'll make the port forwarder active for 1 day. Tweak at will.

Hope this helped, and wasn't overly in depth.

- Greg
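
Added example (not part of the original post): when reviewing ssh commands from shell history or a process listing, it helps to spell out which host gains a listening port. Per ssh(1), the first port in a forward spec is the listening port; -R opens it on the remote (server) host and -L on the local (client) host. The function names explain_forward and explain_ssh_cmd are hypothetical, and the sample input is the three commands from the post.

```shell
#!/bin/sh
# Added example: report which side listens for each -L / -R forward in an
# ssh command line. Spec grammar per ssh(1): [bind_address:]port:host:hostport
# Not handled: bracketed IPv6 addresses, Unix socket paths, "-R port" (SOCKS).

explain_forward() {            # $1 = L or R, $2 = forward spec
    flag=$1 spec=$2
    n=$(printf '%s' "$spec" | awk -F: '{print NF}')   # colon-separated fields
    case $n in
        3) bind=default; rest=$spec ;;
        4) bind=${spec%%:*}; rest=${spec#*:}
           [ -n "$bind" ] || bind='*' ;;    # empty bind address = all interfaces
        *) echo "unsupported spec: $spec" >&2; return 1 ;;
    esac
    lport=${rest%%:*}          # first port is always the LISTENING port
    dest=${rest#*:}            # host:hostport, resolved on the far side
    case $flag in
        L) side=local;  far=remote ;;   # client listens, server connects out
        R) side=remote; far=local  ;;   # server listens, client connects out
    esac
    echo "$flag bind=$bind listen=$side:$lport connect=$far->$dest"
}

explain_ssh_cmd() {            # $1 = one ssh command line, no shell quoting
    set -f; set -- $1; set +f  # word-split without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -L|-R) [ $# -ge 2 ] || return 1
                   explain_forward "${1#-}" "$2" || return 1; shift ;;
            -L?*)  explain_forward L "${1#-L}" || return 1 ;;   # attached form
            -R?*)  explain_forward R "${1#-R}" || return 1 ;;   # attached form
        esac
        shift
    done
}

# Constructed sample input: the three commands from the post above.
while IFS= read -r cmd; do
    explain_ssh_cmd "$cmd"
done <<'EOF'
ssh -R 9877:localhost:1234 yourusername@yourcomputer.at.work.com
ssh -L 1234:localhost:9877 yourusername@yourcomputer.at.work.com
ssh -R 9877:localhost:9877 yourusername@yourcomputer.at.work.com -f sleep 86400
EOF
```

bind=default means the listener is loopback-only unless GatewayPorts is enabled on the listening side; bind=* means the spec asked for all interfaces.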