[arch-general] tunneling help needed (ssh?)

Taylor Hedberg tmhedberg at gmail.com
Tue Aug 2 14:56:57 EDT 2011


Maybe somebody has a better solution than this, but to me, the following
would be the obvious approach.

If host "A" is the fully firewalled server that hosts the FTP directory,
and server "B" is the server on which port 80 is accessible, then:

    1. Run an FTP daemon on server A which limits access to the users
       you specify
    2. On server B:
        
           ssh -L :80:A:21 A
       
       where "A" is the IP address or hostname of server A

Then, clients can FTP to port 80 on server B and their traffic will be
forwarded to the FTP daemon on A.

It would be better to use some port other than 80 though, because:

    - If a web server is running already on B, it will probably have
      bound port 80
    - 80 is the well-known port for HTTP, and it's not a great idea to
      reappropriate it for some other protocol even if it's not being
      used for HTTP
    - You have to be root to bind ports < 1024, so the ssh tunnel will
      have to be started as root

So, if you can use some arbitrary port >= 1024 for the tunnel, it would
be preferable.

I don't think you can do this without involving B at all, if that's the
only Internet-facing host on the LAN that you can do anything with.
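
The tunnel from the message above, moved to an unprivileged port, as an added example that is not part of the original post. The listen port 2121 and the login target `tunnel@A` (an SSH account on A that B can reach) are assumptions; the script only prints the command it would run.

```shell
#!/bin/sh
# Added example (not from the original post). "tunnel@A" and 2121 are
# constructed placeholders; A is the FTP host named in the message.

# Classify a candidate listen port on B for a given numeric uid.
# Prints: ok | privileged (port < 1024, uid not 0) | invalid
check_listen_port() {
    case $1 in
        ''|*[!0-9]*|??????*) echo invalid; return 0 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo invalid
    elif [ "$1" -lt 1024 ] && [ "$2" -ne 0 ]; then
        echo privileged
    else
        echo ok
    fi
}

# Print the ssh command to run on B.
#   $1 listen port on B   $2 FTP host   $3 FTP port
#   $4 ssh login target   $5 uid that will run ssh
build_tunnel_cmd() {
    verdict=$(check_listen_port "$1" "$5")
    if [ "$verdict" != ok ]; then
        echo "refusing listen port '$1': $verdict" >&2
        return 1
    fi
    # -N  forwarding only, no remote shell
    # ExitOnForwardFailure=yes  exit if the port cannot be bound, e.g. a
    #   web server on B already holds it
    # ":PORT" (empty bind address) listens on all interfaces, as in the post
    echo "ssh -N -o ExitOnForwardFailure=yes -L :$1:$2:$3 $4"
}

# Dry run: print the command for the current user instead of executing it.
build_tunnel_cmd 2121 A 21 tunnel@A "$(id -u)"
```

This forwards only the FTP control connection; FTP opens its data connections on separate ports, which a single `-L` forward does not carry.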

