AlmostVPN User Manual


SSH Tunnel. What is this all about?

Let's imagine the following scenario. Your company runs a private e-mail server on slidingpenguin and an intranet web site on crawlingvarmint.
[Figure: No SSH direct access]
You (with your beloved PowerBook latte) decided to go to Starbucks for <place your favorite drink here>. While enjoying your caffeinated drink, you feel the urge to check your e-mail and do a few things on the company's intranet web site. 15 seconds later a nondescript gentleman, sitting with his PowerBook in the other corner of the coffee shop, had your e-mail login and password and was able to download a strictly internal memo from your intranet. Could you have done any better? You should have used SSH.
Let's see how the very same scenario looks if we introduce the SSH server leapingrodent into the picture.
[Figure: Access via SSH Tunnel]
The first thing to notice is that we now have to poke only one hole in the office firewall. Any network administrator (and Martha Stewart) will tell you that this is a "good thing". The second thing to notice is that the nondescript gentleman in the other corner got so upset that he spilled his coffee on his laptop and was eventually arrested for swearing in a public place. So, what exactly did the SSH tunnel do for us?
[Figure: SSH Local Tunnel]
The SSH client allocated the POP3 port (110) on latte. This port is the local end of the tunnel. Each network packet sent to this port is carried to the SSH server leapingrodent through the secure tunnel and then forwarded to its final destination, the POP3 port on slidingpenguin. So, if you configure your e-mail client to connect to localhost instead of slidingpenguin, all traffic between your e-mail client and the office e-mail server goes through the tunnel. A few things need to be mentioned before we move on. First, the port numbers on the remote and local ends of the tunnel do not have to be the same. You can configure the SSH tunnel to connect port 60110 on your localhost to port 110 on slidingpenguin if you like. You then have to tell your e-mail client to talk to port 60110 on localhost instead of the standard port, and it will work just as well as with port 110. Second, it is possible to create a tunnel that works in the other direction.
[Figure: Remote Tunnel]
In this configuration your friends from the office can point their browsers to port 888 on leapingrodent and end up accessing the web server on your laptop.
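
The two tunnels described above, written out as OpenSSH command lines. This is an added example, not AlmostVPN's own configuration or code from the manual. The account name "you" and web server port 80 on the laptop are assumptions; the host names and ports 60110, 110 and 888 come from the text.

```shell
#!/bin/sh
# Added example: build OpenSSH command lines for the local and remote tunnels.
# Assumptions (not from the manual): account "you", laptop web server on port 80.

# Accept only decimal port numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# local_tunnel LOCAL_PORT TARGET_HOST TARGET_PORT SSH_SERVER
# The local end is bound to 127.0.0.1, so only programs on the laptop itself
# can enter the tunnel; other machines on the coffee-shop network cannot.
# -N opens no remote shell. ExitOnForwardFailure makes ssh exit when the port
# cannot be allocated instead of running with no tunnel in place.
local_tunnel() {
    valid_port "$1" && valid_port "$3" || { echo "bad port" >&2; return 1; }
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:$2:$3 $4"
}

# remote_tunnel SERVER_PORT LAPTOP_PORT SSH_SERVER
# The listening port is opened on the SSH server and connections are carried
# back to the laptop. OpenSSH binds this listener to the server's loopback
# address unless the server's sshd_config sets GatewayPorts, and forwarding a
# port below 1024 requires logging in to the server as root.
remote_tunnel() {
    valid_port "$1" && valid_port "$2" || { echo "bad port" >&2; return 1; }
    echo "ssh -N -o ExitOnForwardFailure=yes -R $1:127.0.0.1:$2 $3"
}

# Print the commands for the scenarios in the text.
local_tunnel 60110 slidingpenguin 110 you@leapingrodent
remote_tunnel 888 80 you@leapingrodent
```

For the remote tunnel to be reachable from other office machines as the text describes, the administrator of leapingrodent has to enable GatewayPorts; with the default setting only programs running on leapingrodent itself can connect to port 888.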