[erlang-questions] distributed-erlang listener config and ssh tunnelling

[Paul Rubin]

Hi, I'm running an erlang server (with -noshell and -detached) on a remote
box, and would like to control it from a remote shell, plus run the process
observer, debugger, and so on from my workstation.  For security reasons I
don't want to open any ports on the remote box.  Instead I'd like for the
distribution stuff to listen on local ports, that I can then forward to my
workstation through ssh.

Right now the epmd and other distribution ports listen on all interfaces
(0.0.0.0) which is not disastrous because I can block those ports with
iptables, but ideally I'd like to configure them to listen only on
127.0.0.1.  Anyone know if there is a way to do that?

The other thing I'd hope to find is a recipe for tunnelling distributed
erlang through ssh.  Various docs and books mention this in passing as if
it's routine, but none say exactly which ports have to be forwarded.  I may
be a little confused but there may be a missing piece of the puzzle, in
getting epmd to hand off the forwarded port number instead of the port that
the node actually listens to.  Or does epmd actually proxy all the traffic
to all local nodes?  Is there a better way to do this stuff in general?
All advice is appreciated.

Thanks

--Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20130418/55883794/attachment.htm>