Re: port forwarding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am 20.09.2013 22:39, schrieb bruce:
> I'd like to be able to change the ip adress of the gearman processes
> from localhost, to the actual ipaddress of the machine. This of course
> involves changing the port forwarding from the client to the server
> machine.
> 
> Thoughts/Comments would be useful

simple with a systemd-unit which also survives a reboot of the target machine
because the command in ExecStart (which is *one* line inclduing the port
22 of the forwarded service, in this case SSH of a internal machine)
will fail in that case and the SSH command is executed 60 seconds later

/etc/sysconfig/forwarding contains the IP-address where the forwarding
should listen instead 127.0.0.1, done this way because there is a fallback
machine, more than one such services and so the systemd-units can be re-used

the result in short is 192.168.0.35:11025 is the forwarded 192.168.1.15:22
192.168.0.0/24 is a different subnet than 192.168.1.0/24, the numbers are
generic to not disclose network-configurations, the files below are
from a live-machine in all other parts
________________________________________________

[root@localhost:~]$ cat /etc/sysconfig/forwarding
LOCAL_ADDRESS=192.168.0.35
________________________________________________

[root@localhost:~]$ cat /etc/systemd/system/forward-fileserver.service
[Unit]
Description=SSH-Forwarding Fileserver
After=network.service openvpn.service hostapd.service network-wlan-bridge.service network-bonding-bridge.service

[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/forwarding
ExecStart=/usr/bin/ssh -i /home/ssh-gateway/.ssh/id_rsa ssh-gateway@192.168.1.15 -N -C
-L${LOCAL_ADDRESS}:11025:127.0.0.1:22
Restart=always
RestartSec=60
TimeoutSec=30
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE

[Install]
WantedBy=multi-user.target

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux