LinuxQuestions.org

absolutal 07-15-2003 01:58 PM

SSH help - need to access box behind a firewall and cannot fwd ports.
 
hey guys, i desperately need to access a linux box i have at work. however they JUST installed a firewall on my network and they cannot open/fwd any ports for me. is there a way that i can ssh into that machine without needing to fwd any ports and such? someone plzzzzz help.

Mara 07-15-2003 02:35 PM

If it's behind the firewall and the firewall machine doesn't allow ssh or doesn't forward ports, you can't.

absolutal 07-15-2003 02:47 PM

theres no type of program that allows me to maybe bounce off another pc to the one behind the router? i currently have a prog called dhost that installs a client on the pc behind the firewall and the server that is outside, and basically i run a ftp. so if you want to access the ftp behind the firewall, you actually access the ip of the pc outside of the firewall and it bounces you to the ftp site behind the firewall... if this is possible, i figure that getting ssh to work is possible also.

hakcenter 07-15-2003 03:13 PM

im not gunna be a narc, but if you absolutely need it, shouldn't you be talking to the people that installed the firewall ?

Mara 07-15-2003 03:19 PM

Quote:

Originally posted by absolutal
theres no type of program that allows me to maybe bounce off another pc to the one behind the router? i currently have a prog called dhost that installs a client on the pc behind the firewall and the server that is outside, and basically i run a ftp. so if you want to access the ftp behind the firewall, you actually access the ip of the pc outside of the firewall and it bounces you to the ftp site behind the firewall... if this is possible, i figure that getting ssh to work is possible also.

It's kind of tunnelling. It's possible, but first you need to have access to a machine behind a firewall to run a program that will connect to a server outside. If you have access to machines inside, you can install ssh server, too. Or maybe I don't fully understand your problem? Maybe you just have a server running and want to connect to it?

You can use tunnelling, but I highly recommend you to talk with a person responsible for firewall and ask to forward ports (you don't need standard ssh port, you can use any free one).

absolutal 07-16-2003 10:29 AM

well, i have the server running already, and im using a program called dhost that allows me to connect to the server behind the firewall from another pc on the outside running dhost also. now the problem is, that dhost is COMPLETELY unreliable, i can start dhost, and anywhere from 10 mins to 3 hours, the program crashes, making it unable to accept connections to the pc behind the firewall.. thats why i want to get ssh to work, at least then i can just login, kill the proc and restart it.

hakcenter 07-16-2003 10:47 AM

im not going to start pointing fingers but i'm getting a not so good vibe from you and your ideas. This forum is about linux networking, and not bypassing your administrator's firewall.

I'm going to go on a whiff that you may have been the sole reason one was implemented.

Any of the questions you're asking, should be a brunt ask to your administrator and if he supports what kind of services you say you require. And if they don't then I advise that you listen to them, consequences for going behind people's backs aren't usually very good.

absolutal 07-16-2003 10:59 AM

ok, i run this pc for my business, however due to company policy, the company that provides us our internet had to install a firewall. now i need to have this pc accessible, but they have told me that as of now, they cant fwd any ports or anything because they're still working out their policies on what they will or will not allow. Now like i said. this is business.. and when it costs me money, i need to do what i can to make it work. thats all.. all i'm asking for is help, or ideas.. not for you to come here personally, break into the firewall and open ports up.. gimmie a break guy. a simple, no, nothing is possible behind a firewall would be fine.

and one more thing, if someone asks for advice, you shouldn't pass comments on what you think they're doing, it's NONE OF YOUR BUSINESS! you shouldn't say that you think the reason a firewall is getting installed is because of me. You dont know me, you dont know what i do for a living.. dont think you're some super detective.

hakcenter 07-16-2003 11:17 AM

I dont have to be a super detective to logically think about the question. If someone asks where to find a cheap gun, are you going to say, ya a guy around the corner selling them for $50, you're going to most likely ignore, or ask them why.

And we can turn this into a small lame argument, but I find it grueling and boring. You're asking the wrong type of people.

routing rules and tables, but i find it extremely hard to believe that a service was forced to place a firewall

(where) between the lines is strange.

The normal things ive found is that isps, generally dsl and cable, usually put blocks on specific ports, to keep clients that purchase broadband through them from hosting, breaking their ToS.

Any normal business line is going to offer you full direct service of a line.

Every dsl company in california offers a business type, giving static ips, and the ability to allow hosting.

Same with every cable company ive seen.

Your most direct route if your isp does not offer business solutions is to get a T line, to integrate your telephones into an internet service as well.

More importantly I still wouldn't understand how dhost would work if the machines are firewalled to begin with. It wouldn't allow any inbound traffic unless the firewall is only set to block certain incoming ports, then your solution is simply change the ports to 1024+

absolutal 07-16-2003 11:25 AM

well we had an unfirewalled line for over 2 years now, (we rent office space from a company who owns the entire floor in my building, and they also have offices all over the world.) now from what they told me was that their office here is the last one to actually place a firewall.. it has been company policy for a while now, but they have not implemented it. but after a few small backdoor viruses were detected on a few pc's on the network, they decided to finally put the firewall in place. now as far as the dhost prog i speak of, i dont know how it actually works, but it does..just very inconsistently

hakcenter 07-16-2003 11:33 AM

then you're just going to have to ask them to segment them into a dmz off the connection since its shared?

I run the IT here for 2 businesses, and neither one should have any connection ability between each other than the shared T.

I run a simple network off the normal internal, and I run a dmz for the other, with no cross talk available.

If its a service that is required to keep your business up, then they are obligated to ensure you that upon day 1 of installation that your business will notice no difference in its structure.

Else you are allowed to take legal action upon the days that your once working service is no longer without prior consultation.

absolutal 07-16-2003 11:42 AM

yeah thats the thing, we told them that we need this and they know that.. but they keep telling me that they're still working out the policies with the firewall and they have noted my request and they'll let me know when they can help me out... its kind of annoying

hakcenter 07-16-2003 12:03 PM

Then tell them they are going to be required by law, to pay you for your lost work for the time period of 'probably starting from installation' to 'when you're set up'

And if they don't believe you, this would easily win in small claims

cnjohnson 07-16-2003 12:03 PM

Quote:

Originally posted by absolutal
well we had an unfirewalled line for over 2 years now, (we rent office space from a company who owns the entire floor in my building, and they also have offices all over the world.) now from what they told me was that their office here is the last one to actually place a firewall.. it has been company policy for a while now, but they have not implemented it. but after a few small backdoor viruses were detected on a few pc's on the network, they decided to finally put the firewall in place. now as far as the dhost prog i speak of, i dont know how it actually works, but it does..just very inconsistently

Without opening a port through the firewall you are out of luck, pure and simple, since the whole point of a firewall is to prevent packets from crossing. If you already have an application (dhost) working then there is a port open. Check the config file for it and then set ssh to use that port. You'll need an ssh server (linux comes with one) and an ssh client (linux comes with one, too; and there is PuTTY for windows).

Cheers--
Charles


All times are GMT -5.