Re: [squid-users] Squid and ssh tunneling

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 8 Jun 2002 15:12:06 +0200

On Friday 07 June 2002 20:02, Bennett F. Dill wrote:
> Yes, this is exactly what I mean, but what you suggest would entail
> leaving the external port open to requests at all times. I only
> want external clients to be able to connect _if_ they are using ssh
> (which means they've been authenticated).

???

SSH port forwarding ports are local to the client only, only visible on
the loopback interface of the client itself...

A person having SSH access and wanting to use your proxy over SSH port
forwarding does the following:

1. When invoking SSH, he selects to open a port forwarding session
from port 3128 to your proxy port 3128.

  ssh -L 3128:proxyserver:3128 your.ssh.gateway

  (GUI clients have other configuration options for setting up port
forwarding, but the principle is the same)

2. Then configures his browser to use 127.0.0.1:3128 as proxy.

> Does that make a bit more sense? Basically, I want to enable use
> of my cache server on its external interface on the default port
> only if the user is authenticated and using ssh. Is this
> possible???

No, but there is no need for it if you provide SSH login capabilities.
See above for how to make the client connected using SSH connect to
your proxy on the internal interface.

Regards
Henrik
Received on Sat Jun 08 2002 - 07:22:15 MDT
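
Added example, not part of the original message: a shell check that a forwarded port such as 3128 is bound to loopback only, which is the property the reply relies on. The function name and the `ss -ltn` sample lines are constructed for illustration; on a real host, pipe in the actual `ss -ltn` output.

```shell
#!/bin/sh
# Constructed sample: listener table on a client running
#   ssh -L 3128:proxyserver:3128 your.ssh.gateway
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3128     0.0.0.0:*
LISTEN 0      128    [::1]:3128         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: the same forward bound to all interfaces, as happens
# when ssh is run with -g (GatewayPorts), so other hosts can reach it.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3128       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# classify_listeners PORT  (reads `ss -ltn` output on stdin)
# Prints and returns: loopback-only (0), exposed (1), not-listening (2).
classify_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                        # Local Address:Port column
            n = split(addr, parts, ":")      # port is the last ":" field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            seen = 1
            # Anything other than 127.0.0.0/8 or ::1 is reachable remotely.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!seen)   { print "not-listening"; exit 2 }
            if (exposed) { print "exposed";       exit 1 }
            print "loopback-only"
        }'
}

# Demo on the constructed samples (|| true keeps the script going on non-zero).
printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listeners 3128 || true
printf '%s\n' "$SAMPLE_EXPOSED"  | classify_listeners 3128 || true
```

On a live client the equivalent call is `ss -ltn | classify_listeners 3128`; an "exposed" result means the forward, and through it the proxy, is reachable by hosts that never authenticated over SSH.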
