Originally Posted by evilghost
[From Local Machine]
ssh -f -C username@remote_machine_ip -L 33060:local_ip_of_remote_machine:3306 -N
This would bind the local TCP socket of 33060 to MySQL on the remote machine.
Basically, you would point the application to localhost:33060 and this in turn would tunnel traffic across SSH with compression enabled to the remote machine on dport 3306.
You could use key-based authentication to avoid having to enter a username/password.
Hmm. Didn't seem to work. The remote server is actually where the PHP scripts will be running. The problem is, they need to be able to access the Mysql database server on a local server. I know I could open some firewall ports to allow them access, but the system Admin would rather not.
The idea is that if a user wants to get information from the local mysql server, he/she would need to VPN into our network first before logging into the site located on the remote server with the PHP pages and scripts. Once that happens, the php on the remote server needs to be able to check if a VPN connection has been made into our local network. Then and only then will the remote server scripts have access to the local mysql server.
My system admin has proposed we include some php scripts on the local apache web server as well. These local php scripts will retrieve information from the local mysql server. The remote server would then not have to make a direct connection to the local mysql server, but merely check if a user is connected to our network via VPN, or is at a workstation on the network. Then redirect the user to the local web server. The local web server is private and cannot be seen from outside our private network.
How would a remote server be able to check a user's connection? Is there another way besided checking IP's.