[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: port forwarding questions

From: Ross Boylan <ross_at_biostat.ucsf.edu>
Date: Mon, 19 Oct 2009 15:13:10 -0700

On Mon, 2009-10-19 at 16:57 -0500, Ryan Schmidt wrote:
> On Oct 19, 2009, at 15:20, Ross Boylan wrote:
> > My subversion server is running under Apache, and I have clients from
> > several machines connecting to it simultaneously via ssh.
> >
> > Currently I have Apache listen on multiple ports, and each client
> > accesses the server through a different port. Is that necessary?
> >
> > I did this partly because forward only maps (from the client) do not
> > seem reliable. That is, in addition to saying that client port 8000
> > should tunnel to port 80 on the server, I seem to need to say that
> > remote port 80 needs to be forwarded to local 8000. In my ssh config
> > file on the client that means I give the server options
> > LocalForward 8000 localhost:80
> > RemoteForward 8000 localhost:80
> >
> > Is there a simpler way?
> Can't all users just access the same URL on the Apache server?
That was my question. As I said, the apparent need for a reverse tunnel
was one factor in doing things separately. I'm not sure if a single
port would work even with forward tunneling only.
> Why
> have you set up separate Apache port numbers for each user?
See above.
> Why are
> users ssh'ing in to the server and then using the Apache URL, instead
> of using the Apache URL directly from their own computers?
Firewall and security issues.
> If
> encryption is the concern, wouldn't using https be the more natural
> fit than trying to tunnel over ssh?
The machine is not directly accessible from outside the firewall, so
https is not an option.

> I have no experience with ssh
> tunneling, but it sounds like it introduces unnecessary complexity.

BTW, on client machines the server appears to be running on the client,
accessible by, e.g., http://localhost:8000/svn/....



To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-20 00:14:30 CEST

This is an archived mail posted to the Subversion Users mailing list.