0

I have the current setup:

laptop -> gatekeeper -> master_server -> my_machine

There are 3 SSH's that I need to do to get to my_machine and I found a solution to do it in one step by editing SSH's config file and using ProxyCommand.

I want to access Ganglia that is hosted on my_machine and I have found a solution using SSH port forwarding:

ssh -L 9001:localhost:80 user@my_machine

And then pointing my laptop browser to http://localhost:9001. This works but I was wondering if there are other "better" methods? More specifically, if I wanted to access the Ganglia page on my smartphone, how would I go about doing that?

mchangun
  • 103
  • 2
  • What about DNAT at FW side ? or VPN ? – krisFR Apr 09 '14 at 02:13
  • No VPN. I don't know what DNAT at FW means. I have no control over gatekeeper and probably none over master_sever as well. – mchangun Apr 09 '14 at 02:16
  • 1
    "DNAT at FW side" means ["Destination Network Address Translation at Firewall side"](http://en.wikipedia.org/wiki/Network_address_translation) – krisFR Apr 09 '14 at 02:19
  • 1
    Just in case, [here is the direct link](http://en.wikipedia.org/wiki/Network_address_translation#DNAT) – krisFR Apr 09 '14 at 02:44

1 Answers1

-1

Your terminology is making it hard to give advice.

I think you mean "firewall" by "Gatekeeper" and "some server on the LAN with the 'my_computer' machine" by "master_server". You mention in a comment "I have no control over gatekeeper and probably none over master_server as well." That makes me think that you're not the systems administrator for this network, which limits your options.

Most IPv4 local area networks (LANs) that are connected to the Internet today use a firewall, located at the border of the LAN and the Internet connection. This device performs Network Address Translation (NAT), translating network traffic between private IP addresses (taken from RFC1918) used on the LAN into one or more public IP addresses assigned by the Internet Service Provider (ISP).

Here's what would typically happen when accessing your website from a device outside the LAN (e.g. your "smartphone"):

  • A systems administrator would typically configure the firewall to accept incoming connections from the public Internet

  • Your smartphone would make a request to one of the public IP addresses assigned to the Internet-side interface of the firewall

  • The firewall would receive the request from your smartphone and translate the "destination" address from the public IP address to the private IP address assigned to the "my_computer" host

  • The firewall would place the translated request onto the LAN

  • The "my_computer" host would receive the connection request from the Internet and respond back, via the firewall.

  • The firewall would receive the response from the "my_computer" host and translate the source address back to the public IP address the smartphone's request was originally sent to

  • The firewall would send the translated response to the ISP's router

Since you don't have control of the firewall you can't do what would conventionally be done.

There are other options, but none of them are as good as contacting your systems administrator and having the right forwarding through the firewall configured.

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331