Up until late 2014 when I occasionally worked at home, I used what I called the poor man's VPN. There was one machine at my company that I had ssh access to from outside and that could reach all the internal machines I needed. Call that machine ssh.example.com.
My requirements for comfortably working from home were:
1. Nothing special needs to be done at work. I don't have to ask for anything new to be installed there, or firewall rules to be changed, or anything like that.
2. I wanted to be able to refer to work machines by the same names they had on the internal network at work, and I wanted to access things on the same ports. A script that worked when run from my office should work with no changes when run from my living room.
3. It only needed to support host:port combinations that were explicitly specified.
Here's what I did. Let's say I've got 3 machines I need to use:
db.example.com: MySQL server
mail.example.com: mail server
web.example.com: web server
I need to use MySQL on the first (port 3306), IMAPS on the second (port 993), and HTTP/HTTPS on the third (ports 80 and 443), and I want to use ssh (port 22) on all of them.
I'd ssh to the machine at work that I have ssh access to, with my ssh config file including this:
I'd add this to /etc/hosts: (My LAN used 192.168.0.x addresses)
Finally, a little ipfw fiddling on my Mac to bring it all together:
ipfw add 100 fwd 127.0.0.1,7777 tcp from any to 10.10.10.1 22
ipfw add 101 fwd 127.0.0.1,7778 tcp from any to 10.10.10.1 3306
ipfw add 102 fwd 127.0.0.1,7779 tcp from any to 10.10.10.2 22
ipfw add 103 fwd 127.0.0.1,7780 tcp from any to 10.10.10.2 993
ipfw add 104 fwd 127.0.0.1,7781 tcp from any to 10.10.10.3 22
ipfw add 105 fwd 127.0.0.1,7782 tcp from any to 10.10.10.3 80
ipfw add 106 fwd 127.0.0.1,7783 tcp from any to 10.10.10.3 443
On Linux that would have been something like this:
That worked great for several years. I've got a script that can take a list of files that describe host:port combinations and generate the ssh config, hosts, and ipfw or iptables rules so it was easy to add or remove machines.
It broke in late 2014 when I switched to MacOS Yosemite. Apple had switched to using PF in Lion in 2011 and deprecated ipfw, and removed it in Yosemite. By then we had an openvpn setup at work and I switched to using that.
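A generator of the kind described above, as an added example that is not the author's script: it turns a host:port list into the ssh config, /etc/hosts entries and firewall rules. The `LocalForward` layout, the hosts lines, the iptables `REDIRECT` form and all function names are assumptions, since the post's own config blocks are not shown; the ipfw output matches the rules in the post.

```python
import re

# Constructed sample input mirroring the post: internal name -> ports to expose.
SPEC = {
    "db.example.com": [22, 3306],
    "mail.example.com": [22, 993],
    "web.example.com": [22, 80, 443],
}

def plan(spec, alias_net="10.10.10.", first_port=7777):
    """Give each host a placeholder IP and each host:port its own loopback port."""
    rows, local = [], first_port
    for n, (host, ports) in enumerate(spec.items(), start=1):
        # Output is applied as root, so reject names that could inject extra lines.
        if not re.fullmatch(r"[A-Za-z0-9.-]+", host) or n > 254:
            raise ValueError(f"refusing host entry {host!r}")
        for port in ports:
            if not (isinstance(port, int) and 1 <= port <= 65535):
                raise ValueError(f"bad port {port!r} for {host}")
            rows.append((host, f"{alias_net}{n}", port, local))
            local += 1
    return rows

def ssh_config(rows, jump="ssh.example.com"):
    # Assumed layout: bind each forward to 127.0.0.1 so only this machine can use it.
    lines = [f"Host {jump}"]
    lines += [f"    LocalForward 127.0.0.1:{lp} {h}:{p}" for h, _, p, lp in rows]
    return "\n".join(lines)

def hosts_file(rows):
    # Assumed layout: one line per internal name, pointing at its placeholder IP.
    unique = {h: ip for h, ip, _, _ in rows}
    return "\n".join(f"{ip} {h}" for h, ip in unique.items())

def ipfw_rules(rows, first_rule=100):
    return "\n".join(
        f"ipfw add {first_rule + i} fwd 127.0.0.1,{lp} tcp from any to {ip} {p}"
        for i, (_, ip, p, lp) in enumerate(rows))

def iptables_rules(rows):
    # Assumed Linux equivalent: redirect locally generated traffic to the forward.
    return "\n".join(
        f"iptables -t nat -A OUTPUT -p tcp -d {ip} --dport {p} "
        f"-j REDIRECT --to-ports {lp}" for _, ip, p, lp in rows)

if __name__ == "__main__":
    rows = plan(SPEC)
    for render in (ssh_config, hosts_file, ipfw_rules, iptables_rules):
        print(f"# {render.__name__}\n{render(rows)}\n")
```

Only the host:port pairs listed in `SPEC` become reachable, and each forward listens on loopback only.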