I want to try out some of the MySQL software, like Workbench, on the MySQL Db I develop on at work. After many failed attempts to make the connection, I finally asked one of the server admins if I was doing something wrong and was informed that the Db is behind a firewall. So I can use phpMyAdmin, since it's installed server-side, but not Excel, Workbench, etc. (from my machine).

So I would like to know if there is a fairly standard way to make a VPN-like connection to the server. Currently I use an SSH client to connect with no problem. But obviously that's not linking my local apps to the server. So can I make the connection in such a way that my whole system (so to speak) is considered signed on to the server? VPN is the closest analogy I can make, but that's not an option.

And....

Is that considered fairly "black hat" or is just something I don't know how to do but all the cool kids are doing it legitimately?

Thanks

A: 

Admins where I am have an OpenVPN that connects their personal computers at home to servers at work, but it is used only for maintenance and 'emergency'.

I don't think it is good for security to have "holes" in the firewall, especially to a private place, where there is no firewall to protect your personal computer.

This kind of practice is possible but has to be restricted to a minimum.

Clement Herreman
This doesn't at all answer his question.
hobodave
It does, but not all of the question, only the end: "Is that considered fairly "black hat" or is just something I don't know how to do but all the cool kids are doing it legitimately?"
Clement Herreman
+3  A: 

SSH tunnelling is excellent and can make life a lot easier.

The advantages are that it is all running over an encrypted port, 22, so the security is better and you can also compress the session, so over a slow network you might see a bit of a performance improvement...

If you are using Windows, I would recommend PuTTY, which is available easily if you google it... Once connected, you can assign a local port which forwards to a port on the remote machine. In PuTTY, this is in the Connection->SSH->Tunnels dialog.

I often use this for forwarding VNC - so if you have localport 5900 forwarding to the remote address 5900, you can connect to localhost:5900 as if you were connecting to the remote IP address.

It is also useful if there is a "hop" to a remote network - e.g. you aren't limited to forwarding to the ssh server you are connected to, you can also connect to other servers via the ssh server you are using.

Finally, I don't think that there is anything illegitimate about this option - you are using the ssh connection as intended and have been granted access to the server you are using. If anything, it is increased security...

Mark
+5  A: 

This is simple using SSH tunneling. Simply do something akin to the following:

ssh -f [email protected] -L 4040:your.remote.host:3306 -N

This does the following:

  • -f - forks SSH into background
  • [email protected] - the user & host for SSH to connect to
  • -L 4040:your.remote.host:3306 - Listen for local connections on port 4040, and forward them via SSH to your.remote.host port 3306
  • -N - tells SSH not to issue a command on the remote host

You would then be able to connect to your mysql server (assuming the above ports are correct) using:

mysql --host=localhost --port=4040 --user=mysqluser -p
hobodave
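
A hardened variant of the tunnel from the answers above, as an added example that is not part of the original posts: it pins the listener to loopback, refuses to background a session whose forward failed, and uses a control socket so the tunnel can be checked and stopped. The account `user@ssh.example.com`, the socket path and the function names are assumptions; the ports and `your.remote.host` follow the answer.

```shell
#!/bin/sh
# Added example, not from the original answers. Every value below is a
# placeholder (assumption): substitute your own account, hosts and paths.
SSH_LOGIN="${SSH_LOGIN:-user@ssh.example.com}"   # SSH account on the gateway
DB_HOST="${DB_HOST:-your.remote.host}"           # MySQL host as seen from the gateway
DB_PORT="${DB_PORT:-3306}"
LOCAL_PORT="${LOCAL_PORT:-4040}"
CTL="${CTL:-$HOME/.ssh/mysql-tunnel.ctl}"        # control socket for status/stop

# True only when a -L spec names a loopback bind address explicitly.
# A three-field spec (port:host:hostport) follows the client's GatewayPorts
# setting, and "*", "0.0.0.0" or an empty bind address listens on every
# interface, so other machines on your network could reach the database.
forward_is_loopback_only() {
  case "$1" in
    127.0.0.1:*:*:* | localhost:*:*:* | "[::1]":*:*:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the forward spec with the bind address pinned to 127.0.0.1.
forward_spec() {
  printf '127.0.0.1:%s:%s:%s' "$LOCAL_PORT" "$DB_HOST" "$DB_PORT"
}

start_tunnel() {
  spec=$(forward_spec)
  forward_is_loopback_only "$spec" || { echo "refusing forward: $spec" >&2; return 1; }
  # ExitOnForwardFailure: fail instead of backgrounding a session whose
  # listener could not be opened. -M/-S: control socket so the background
  # process can be queried and stopped without hunting for its PID.
  ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes -L "$spec" "$SSH_LOGIN"
}

tunnel_status() { ssh -S "$CTL" -O check "$SSH_LOGIN"; }
stop_tunnel()   { ssh -S "$CTL" -O exit "$SSH_LOGIN"; }

# Run as: script start | status | stop. With no argument nothing is executed.
case "${1:-}" in
  start)  start_tunnel ;;
  status) tunnel_status ;;
  stop)   stop_tunnel ;;
esac
```

On Unix-like systems the `mysql` client treats the host name `localhost` as a request for the local socket file, so point it at `127.0.0.1` (or add `--protocol=TCP`) to make sure the connection goes through the forwarded port.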