[H-GEN] iptables autoblocking
Josh Marshall
josh at worldhosting.org
Thu Jul 21 23:52:58 EDT 2005
>I need to do it as root because a "normal" user can't do port
>redirects.
>
>cheers
>David
>
>
>
I didn't think that was necessary. I think you'll find that you need to
be root to create the local port, but the remote end (your home server)
should be able to create the port direct as a normal user.
e.g. I regularly do something like:
ssh remoteend -L8080:intranetserver:80
The reason I pick 8080 for local end is because I am not root. If I was
root I could do this however:
ssh josh at remoteend -L80:intranetserver:80
Then any connects to my box at port 80 are forwarded down the ssh
tunnel, and I'm still using an unprivileged user at the other end.
Regards,
Josh.
More information about the General
mailing list