PF Tunneled Network Replacement

Hi all,

I've done a bit of research, but networking is not my native language, so I'm struggling a bit with how to accomplish this.

I have two servers: Server A, and Server B.

Server A has two public IP addresses on one interface (eth0), x.x.x.x and x.x.x.y, and a local address on another interface: 192.168.108.3
Server B is a much larger server running many jails. One of those jails acts as a bastion, with an IP on one of its interfaces that is accessible to Server B: 192.168.108.1

I have a bit of a janky setup where I route specific ports using a reverse tunnel via SSH (`ssh -R x.x.x.y:22:192.168.0.y server_a`). However, this only works for TCP, and I'd like to have all ports for a specific IP route to all ports on another server. I'd like it to map all traffic (TCP/UDP) on all ports to the equivalent jail on Server A.

That way if I run curl x.x.x.y, it'll resolve to my service running on the jail I have that IP mapped to. Or if I want to ssh to x.x.x.y, that would resolve as well.

SSH tunnels worked for a while, but now I have services that I'm trying to expose (ssh, git, mosh, ssh3) that make the tunnels a bit more difficult and/or impossible to manage.

Would this be NAT? Or maybe double NAT? Any ideas on how to replace this setup? I'm not hung up on the client/server approach of ssh, but I'd like to use one of the more standard tools if available. PF seems like it would be the correct way to do this, but it's a bit Greek to me.
 