Web Development

If you don't want to make holes in your firewall because it would looks like "swiss cheese"... you might want to consider using SSH client to create tunnels into desired ports on the target machine.

A tunnel is sort of a link between your local machine and target machine... the application that runs on your machine will not be aware that it is using resources from another machine.

An abstract command is like this:

# ssh -f -L LOCAL_PORT:LOCAL_INTERFACE:DESTINATION_PORT DESTINATION_USER@DESTINATION_MACHINE sleep TIME_TO_WAIT

Follow up:

• -f - is telling ssh to go into background
• -L - is telling ssh that a port forward declaration will follow
• LOCAL_PORT - is a port on the local machine that you wish forwarded
• LOCAL_INTERFACE - is the interface, usually you would want to put localhost here but you can also use eth0
• DESTINATION_PORT - destination port on the target machine
• DESTINATION_USER - user on the remote machine
• DESTINATION_MACHINE - the remote machine
• TIME_TO_WAIT - how many seconds to wait for tunnel usage, after this amount of seconds the ssh process will exit if a connection is not established

Too much text... a real example would be appreciated.

So here is it: you have a machine serverAbc where you can connect with user mightyUser and you want to forward a port let's say 3336 to the MySQL serer running on serverAbc on port 3306, for security reasons you will want to bind to localhost (so that only connections from your local machine's loopback will be forwarded to the remote machine) and you will want 20 seconds grace period to connect to the given machine...

Putting all of the above together we have a tunnel to a MySQL server on the remote machine... that is above all encrypted:

# ssh -f -L 3336:localhost:3306 mightyUser@serverAbc sleep 20

Now depending on your setup standard ssh authentication mechanism applies: public/private keys or password.

Happy tunneling !