port forwarding

Reindl Harald h.reindl at thelounge.net
Fri Sep 20 20:49:26 UTC 2013


Am 20.09.2013 22:39, schrieb bruce:
> I'd like to be able to change the ip adress of the gearman processes
> from localhost, to the actual ipaddress of the machine. This of course
> involves changing the port forwarding from the client to the server
> machine.
> 
> Thoughts/Comments would be useful

simple with a systemd-unit which also survives a reboot of the target machine
because the command in ExecStart (which is *one* line inclduing the port
22 of the forwarded service, in this case SSH of a internal machine)
will fail in that case and the SSH command is executed 60 seconds later

/etc/sysconfig/forwarding contains the IP-address where the forwarding
should listen instead 127.0.0.1, done this way because there is a fallback
machine, more than one such services and so the systemd-units can be re-used

the result in short is 192.168.0.35:11025 is the forwarded 192.168.1.15:22
192.168.0.0/24 is a different subnet than 192.168.1.0/24, the numbers are
generic to not disclose network-configurations, the files below are
from a live-machine in all other parts
________________________________________________

[root at localhost:~]$ cat /etc/sysconfig/forwarding
LOCAL_ADDRESS=192.168.0.35
________________________________________________

[root at localhost:~]$ cat /etc/systemd/system/forward-fileserver.service
[Unit]
Description=SSH-Forwarding Fileserver
After=network.service openvpn.service hostapd.service network-wlan-bridge.service network-bonding-bridge.service

[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/forwarding
ExecStart=/usr/bin/ssh -i /home/ssh-gateway/.ssh/id_rsa ssh-gateway at 192.168.1.15 -N -C
-L${LOCAL_ADDRESS}:11025:127.0.0.1:22
Restart=always
RestartSec=60
TimeoutSec=30
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

[Install]
WantedBy=multi-user.target

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130920/96497b0a/attachment.sig>


More information about the users mailing list