Access trhough firewall

tpe · 04-25-2005, 04:11 AM

Hallo, I have the common problem of corporate firewalls. I can use only 3 ports, 80, 443 and 22.

Where is the situation. I need to access a remote server at port 2082 (cPanel port) from my office. I do not have root access on the remote server.

Local PC (Linux box) =========>Firewall(80,443,22)-------->Internet

I would like to access the cPanel from my office PC, thus I suppose that I have to use ssh tunnels. Is that correct?
If so, do I need root access on the remote server? If so, is there any other alternative in order to finally access the remote server at the specific port?

Please note that I have root access on the local linux box.

Thanks for any help.

win32sux · 04-25-2005, 04:34 AM

maybe you could set-up a linux box (at your house, for example) to act as a NAT router and redirect traffic on one of the allowed ports to the server...

you could configure it with iptables so that all packets that arrive to it on port 80 (for example) get forwarded to port 2082 on the server...

Local PC ==> Firewall ==> NAT Box at Home ==> Internet Server

the main rules to do this on the NAT box would look something like this:

Code:

iptables -t nat -A PREROUTING -p TCP --dport 80 -s 100.100.100.100 \
-j DNAT --to-destination 200.200.200.200:2082
iptables -A FORWARD -p TCP --dport 2082 -d 200.200.200.200 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

in this example, 100.100.100.100 is the IP of the corporate firewall and 200.200.200.200 is the IP of the cPanel server...

this way you wouldn't need to change anything on the server or the PC, you simply try to connect to port 80 on the NAT box and you'll actually be connecting to port 2082 on the server...

anyways, it's just a thought...

tpe · 04-25-2005, 04:39 AM

It looks quite nice (quick solution I can say), but I cannot use it! Ports 80, 443, 22, 25, 110 are closed from my provider (I know, I know but I will change ISP on a few months...). Thus, I have to find another solution.

Thanks anyway...