SSH tunnels provide a very effective means to access remote services and applications. Not only does it provide encryption of data between hosts, but it allows you to route connections between a sequence of servers, thus chaining connections. A common use of this method is to provide encrypted connections to MySQL servers so that user accounts can be limited to only “localhost” privileges, yet accessed from remote workstations without having to run MySQL+SSL.

The concept is simple, for example let’s say you have three servers: localhost (your workstation in America), a server in Europe, and a server in Japan. You want to access Apache running on port 80 on the Japan server but because of firewall restrictions you cannot access port 80 remotely, and to make things more difficult the Japan server only allows SSH connections from the Europe server’s IP. We can solve this by creating a SSH tunnel that forwards localhost port 8080 …

At the weekend I completed a new nagios / icinga plugin. The check_juniper_srx_ipsec_tunnel.pl plugin checks via SNMP the IPSec VPN / Tunnel State for a given VPN Gateway on a Juniper SRX gateway.

Usage: ./check_juniper_srx_ipsec_tunnel.pl -H <Juniper Hostname> -g <IPSec Tunnel Gateway> -C <SNMP Community>

You will find the plugin on my projects page

Related Posts:

• how to determine the runtime and start time of a Linux process
• how to test the plain and encrypted SMTP/POP3/IMAP and HTTP …

Month ago I was on a vacation and as usual even though our hotel provided us with an internet connection on a pretty decent speeds, I wasn’t able to work there because they’ve banned all tcp ports but some major ones (like 80, 21, etc) and I needed to be able to use ssh, mysql, IMs and other non-web software.

After a short research I’ve found a pretty simple to set up and easy to use approach to such a connection problems I’d like to describe here.

First, you’ll need someone (or you can do it before leaving home) to start an ssh daemon on port 80 on one of your servers. I use one of my Slicehub slices for this to permanently have an ability to use it. You can do it like this (if it is a temporary solution):

Notice: this `which sshd` was used because on some OSes sshd does not want to start w/o an …