I've just created a development server that I want restricted to local
access only, but allow SSH tunneling, too. (Part of the reason is that
I only have one public IP, but I wanted multiple SSL domains.)

My router forwards public port 18020 to port 20 on my host machine.

I tried ssh -p 18020 -L 19000:localhost:19000 gcnovus@my.public.domain,
and then set up my browser to use localhost:19000 as a proxy for all
services, but I got:
channel 3: open failed: connect failed: Connection refused

I've read around on the forum, and found some posts about starting the
connection from inside the firewall, then creating another one within
that connection, but I won't be around the server to initiate those
connections. I also noticed some information about an /etc/.hosts
file, but I'm fairly new to unix and am quite confused.

If anyone has any suggestions, I'd greatly appreciate them.

Thanks,
GCN

sorry, just to be clear:
I ran the SSH command from the OutsideTheFirewall (OF) computer, and
the error message showed up within that SSH connection (though,
technically, on the IF computer).

-gcnovus

gcnovus wrote:

> I've just created a development server that I want restricted to local
> access only, but allow SSH tunneling, too. (Part of the reason is that
> I only have one public IP, but I wanted multiple SSL domains.)
>
> My router forwards public port 18020 to port 20 on my host machine.

You mean port 22 (ssh) not 20 (ftp-data)?

> I tried ssh -p 18020 -L 19000:localhost:19000 gcnovus@my.public.domain,
----------------------------------------------^^^^^^^^^^
localhost is wrong, it should be the address of your server:
my.public.domain, but you can also use the internal address if it has
one.

You may also look into using parameters -NfC in that tunnel, you need
at least -N.

HTH
--
René Berber