I need to copy an awful lot of data from DMZ to LAN. The data are so large that I can't just tar and gzip it up on DMZ and issue an scp from LAN. That would be too easy. Instead, since I need to preserve the permissions, symlinks, &c., I'll need to issue a tar over ssh; the best way for me to do this is to set up a reverse ssh tunnel.
I'm going to set it up on port 19999. So, this means the DMZ system will connect to DMZ loopback port 19999 and will have access to LAN, and all the LAN resources as available to LAN via 19999. Neat.
LAN has a pubkey on DMZ for passwordless logon. The account I'm doing the initial connection from on LAN is toor. The DMZ account is root.
setup initial connection via LAN:
~toor ssh -R 19999:localhost:22 root@DMZopen a shell on DMZ, test it out:
# ssh -l toor -p 19999 localhost # exitIt works, yay. Do it:
# tar cvf - /opt/stuff | ssh -l toor -p 19999 localhost "tar -xf - -C /tmp/DMZ.stuff"