Friday, April 9, 2010

Using ssh to administer systems behind a firewall

I have a number of clients with all their systems behind a firewall. That's a very good thing in terms of security, but these firewalls are so tight that they don't really allow remote administration of the boxes. This ranges from Fibre Channel switches, manageable Ethernet switches, and storage array boxes to firewall GUI front ends, etc. The good news is that I am still able to gain administrative access to these machines via ssh port forwarding. Not only is this secure, it also just works and does the job as expected. Below is how I connect to one of the RAID array controllers when it's time to manage them. Please note that we must have an ssh login account on the ssh frontend server or the firewall itself, and this machine should be able to reach the machines inside that we need to administer.

ssh -L 8081:192.168.1.6:80 login@example.com -p 20002


The command above forwards a port to a machine (the RAID array controller) inside the example.com network with the IP address 192.168.1.6. Port 80 of the RAID array controller, the port I want to connect to, is redirected to port 8081 on my local machine (the machine that I use to ssh to example.com). It uses my login account on the ssh frontend server, login@example.com, and the ssh port is 20002.

Once I gain access with the correct username and password combination, I am certain that port 80 of the RAID array controller is now being forwarded to my local machine's port 8081. I now open my web browser and type in the following.

http://localhost:8081

Now I am able to administer the RAID array controller as if I were still inside the office. :)
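The same tunnel as a small script, added here as an example that is not part of the original post: it opens the forward in the background with an explicit loopback bind, checks that the forwarded management port is not listening on any other address, and closes the tunnel afterwards. The host, ports and addresses are the ones from the post; the control-socket path, function names and sample `ss` lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Host, ports and addresses are the
# post's; the control-socket path and function names are assumptions.
CTL="$HOME/.ssh/raid-tunnel.sock"

open_tunnel() {
    # -f -N: go to background without running a remote command.
    # -M -S: master control socket, so the tunnel can be closed cleanly.
    # ExitOnForwardFailure: fail instead of logging in without the forward.
    # The explicit 127.0.0.1 bind keeps the forward off the local network
    # even if GatewayPorts is enabled in the client configuration.
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:8081:192.168.1.6:80 -p 20002 login@example.com
}

close_tunnel() {
    ssh -S "$CTL" -O exit login@example.com
}

# Reads `ss -ltn` output on stdin. Succeeds only if local port $1 is
# listening and every listener on it is bound to a loopback address.
loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { exit !(found && !exposed) }
    '
}

# Constructed sample lines in `ss -ltn` format (not captured from a real host).
SAMPLE_OK='LISTEN 0 128 127.0.0.1:8081 0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:8081 0.0.0.0:*'

# Typical use on the admin workstation:
#   open_tunnel && ss -ltn | loopback_only 8081 && echo "forward is loopback-only"
#   ... browse http://localhost:8081 ...
#   close_tunnel
```

Only the leg between the workstation and the ssh server is encrypted; the hop from that server to 192.168.1.6 port 80 is still plain HTTP inside the client's network.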
