SSH
Home Prev Up Next  

Settings in the Connection Broker Configuration File

You can define automatic tunnels in the Connection Broker configuration file ssh-broker-config.xml with the static-tunnels XML element.

The following configuration example shows a connection profile with the static-tunnels settings for IMAP and SMTP e-mails whose connections will be forwarded through a connection profile:

<profiles>  
  <profile id="id1" 
           user="user7" 
           host="sshserver.example.com" />
</profiles>

<static-tunnels>
  <tunnel  type="TCP"
           listen-port="143"
           dst-host="imap.example.com"
           dst-port="143"
           allow-relay="no"
           profile="id1"/>

  <tunnel  type="TCP"
           listen-port="25"
           dst-host="smtp.example.com"
           dst-port="143"
           allow-relay="no"
           profile="id1"/>
</static-tunnels>

With the static-tunnels setting, the listeners for local tunnels are automatically created when the Connection Broker starts up. The actual tunnel is formed the first time a connection is made to the listener port. If the connection to the server is not open at that time, it will be opened automatically as well.

Whenever a connection is made to the specified listener, the connection is tunneled over Secure Shell to the remote server and another connection is made from the server to a specified destination host and port. The connection from the server onwards will not be secure, it is a normal TCP connection.

The static-tunnels element can contain any number of tunnel elements.

The tunnel element specifies the characteristics of an automatic tunnel. It has the following attributes: type, listen-port, listen-address (optional), dst-host, dst-port, allow-relay, and profile.

The type attribute defines the type or protocol of the tunnel. This can be either tcp or ftp.

The listen-port attribute defines the local port to which Tectia Client listens. The optional listen-address attribute can be used to define which network interfaces on the client listens to. Its value can be an IP address belonging to an interface on the local host. Value 0.0.0.0 listens to all interfaces. The default is 127.0.0.1 (localhost loopback address on the client). Setting any other value requires setting allow-relay="yes".

The dst-host and dst-port attributes define the destination host address and port. The value of dst-host can be either an IP address or a domain name. The default is 127.0.0.1 (localhost = server host).

The allow-relay attribute defines whether connections to the listened port are allowed from outside the client host. The default is no.

The profile attribute specifies the identifier of the connection profile through which the connection is tunneled.

Home Prev Up Next  

Copyright 2016 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information