Hello everyone,

I have the following LAVA setup:

LAVA server - 1 LAVA worker - 16 DUTs

The LAVA server and the LAVA worker are located in my company network (172.20.0.0/16). The DUTs are connected to the LAVA worker in a local network (192.168.20.0/24). Thus, the DUTs are not accessible from outside the worker.

What is a good way to allow for hacking sessions to a DUT (let's say 192.168.20.247) from the company network?

I can think of the following solutions:

1. Use SSH forwarding on lava-worker: ssh -g -L 50000:localhost:22 -N root@192.168.20.247

2. Forward the SSH port via netcat on lava-worker: nc -l -p 50000 -c "nc 192.168.20.247 22"

3. Forward the SSH port via iptables on lava-worker: iptables -t nat -A PREROUTING -p tcp --dport 50000 -j DNAT --to 192.168.20.247:22

All of these make the device accessible via "ssh -p 50000 root@lava-worker" from the company network. So far, so good. However, in an ideal world this forwarding would be active only during the hacking session, so that in normal test jobs the DUT is not accessible. Is there a way to achieve this? Does anyone have experience with such a scenario? How do you handle DUT access for hacking sessions?

Mit freundlichen Grüßen / Best regards Tim Jaacks DEVELOPMENT ENGINEER Garz & Fricke GmbH Tempowerkring 2 21079 Hamburg Direct: +49 40 791 899 - 55 Fax: +49 40 791899 - 39 tim.jaacks@garz-fricke.com www.garz-fricke.com WE MAKE IT YOURS!

Sitz der Gesellschaft: D-21079 Hamburg Registergericht: Amtsgericht Hamburg, HRB 60514 Geschäftsführer: Matthias Fricke, Manfred Garz, Marc-Michael Braun