On leaving work I do
ssh -R 2096:localhost:80 www.serverathome
from my linux box
then at home from my desktop I do
http//serverathome:2096
and my apache page comes up
http://serverathome:2096/mediawiki
gives a name not found error unless i add to my client /etc/hosts
serveratwork 192.168.0.1(home server IP address)
and then http:/serverathome:2096/mediawiki
tells me the wiki isnt installed and takes me to the configuration page
, yet at the same time my secretary can access it from the LAN at work
with http://serveratwork/mediawiki
Why ?( I suspect it could be somthing to do with PHP sessions???)
Is it soluble?
PDC> ive got media wiki running at work and in the office can do
PDC> http://serveratwork/mediawiki and it appears
PDC> On leaving work I do ssh -R 2096:localhost:80 www.serverathome
PDC> from my linux box
PDC> then at home from my desktop I do http//serverathome:2096 and my
PDC> apache page comes up
PDC> http://serverathome:2096/mediawiki gives a name not found error
PDC> unless i add to my client /etc/hosts
PDC> serveratwork 192.168.0.1(home server IP address)
PDC> and then http:/serverathome:2096/mediawiki
PDC> tells me the wiki isnt installed and takes me to the
PDC> configuration page , yet at the same time my secretary can access
PDC> it from the LAN at work with http://serveratwork/mediawiki
PDC> Why ?
1) When you type http//serverathome:2096 into your browser, it supplies
the name "serverathome" to the web server in the Host header of the
HTTP request. The server doesn't know anything about this name.
2) The wiki code generates links in its HTTP output that refer to
"serveratwork". Your local host doesn't know anything about that
name.
PDC> Is it soluble?
As you discovered, you can fix it in a limited way if you map the name
"serveratwork" on the client side. However, what you really need is a
proxy. If your web browser supports SOCKS, you may be able to use the
OpenSSH -D feature -- although this is less useful than it should be,
since (at least the last time I checked) OpenSSH does not pass name
resolution through SOCKS. Also, you'd have to establish an SSH connection
from home to work. Alternatively, you could run an HTTP proxy
(e.g. Squid) at work, forward a port to that, and set your browser to use
the forwarded socket as its HTTP proxy.
--
Richard Silverman
r...@qoxp.net
My server has shorewall as a firewall.
Is that do-able from the SSH point of view ? - and then I just point
a vnc client to eg localhost:5910 and my serveratwork GUI should appear
!
or some sort of proxypass directive translate both ways
It's time to check again :-)
OpenSSH has supported SOCKS5 since (I think) 3.7x, and it includes support
for remote host lookups (ie SOCKS5_DOMAIN) if the SOCKS client sends them.
Last time I checked most browsers don't send SOCKS5_DOMAIN requests even
when they're configured to use SOCKS5, though.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
DT> On 2005-11-10, Richard E. Silverman <r...@qoxp.net> wrote:
>> If your web browser supports SOCKS, you may be able to use the
>> OpenSSH -D feature -- although this is less useful than it should
>> be, since (at least the last time I checked) OpenSSH does not pass
>> name resolution through SOCKS.
DT> It's time to check again :-)
DT> OpenSSH has supported SOCKS5 since (I think) 3.7x, and it includes
DT> support for remote host lookups (ie SOCKS5_DOMAIN) if the SOCKS
DT> client sends them.
DT> Last time I checked most browsers don't send SOCKS5_DOMAIN
DT> requests even when they're configured to use SOCKS5, though.
Thanks for the correction Darren -- in fact, I didn't even remotely write
what I was thinking. :) What I meant to say was just what you said: that
most *browsers* don't do the right thing (not OpenSSH), making the method
much less useful than it should be. In fact, I believe the only browser I
ever found that did resolve names via socks5 was, amazingly enough... IE
for OS X. If anyone knows of any others, I'd love to hear about it.
--
Richard Silverman
r...@qoxp.net
Now most of you on this board probably knew this; I'm new at this, but
hopefully it will help someone.