Build ssh tunnels between two MSCS clustered virtual IP addresses & two SQL virtual IP

I have a pair of MS SQL 2008 clustered using MSCS servers
at datacenter A & another pair at a remote datacenter M.

For illustration purpose,  let's call the
- SQL cluster IP addr at DC A,   a.b.c.d  (not the MSCS cluster IP but SQL IP)
- SQL DTC IP addr at DC A,        e.f.g.h  (used by MS DTC)
- SQL cluster IP addr at DC M, m.n.p.q (not the MSCS cluster IP but SQL IP)
- SQL DTC IP addrat DC M,        r.s.t.u

Firewall rules for ssh is permitted for Tcp22 in both directions.

I have an ssh server (WinSSHD) running/listening at m.n.p.q & r.s.t.u.

If I have putty ssh client at a.b.c.d & e.f.g.h, how can I build an ssh
tunnel from a.b.c.d to m.n.p.q  and from e.f.g.h to r.s.t.u ?

Reason for building this tunnel is I have an urgent need to have
Tcp135 & a couple other Tcp ports to be transported over but it
takes 2 weeks for new firewall requests to be approved+implemented.

Note that all IP addresses above are virtual IP addresses on the
MS SQL 2008 servers
Who is Participating?
on A% ssh -L 4235:M:135 user@M
on A% telnet M 4235

a bit more secure:
on A% ssh -L localhost:4235:M:135 user@M
sunhuxAuthor Commented:
& by building the ssh tunnels, I'll still need existing traffic of
Tcp 1433 to be able to go thru via the usual channel (not thru
the tunnel) ie from a.b.c.d to m.n.p.q
are you aware that at least one end of the tunnel cannot be i.e. port 135?
if so, can you please specify which server A or M is the one where to forward (tunnel) port 135 over ssh
for example: do you want that a user/process on A connects to localhost:1135 which is tunneld to M:135
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

sunhuxAuthor Commented:
User in server A to be able to issue "telnet M_server_IP 135"
(& the packets that originate from user in A will show the
 source IP address of server A)

Do we need additional IP address to be assigned to both
tunnel ends?
sunhuxAuthor Commented:
Rather than user/process, it's actually MS SQL client (in server A) & 
MS SQL server 2008 (in server M)
> User in server A to be able to issue "telnet M_server_IP 135"
for that you don't need a tunnel, as M is already listening on 135

where is you problem with
   telnet M_server_IP 135
sunhuxAuthor Commented:
>where is you problem with     telnet M_server_IP 135
There's currently no firewall rule permitting Tcp 135 from A to M
but there's a firewall rule for Tcp22 (ssh) from A to M.

I'll need my SQL client (running in A) to be able to send traffic
to M (on Tcp port 135)
sunhuxAuthor Commented:
I'm not on Linux/UNIX,  I'm on Windows 2008, so ssh command
is not applicable in my case.  Can you give the steps needed to
set this up, say, using putty
sunhuxAuthor Commented:
What's required is for Windows environment, not Linux/Unix
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.