LinuxQuestions.org
Old 07-15-2003, 02:58 PM   #1
absolutal
LQ Newbie
 
Registered: Jun 2003
Location: nyc
Posts: 10

Rep: Reputation: 0
SSH help - need to access box behind a firewall and cannot fwd ports.


Hey guys, I desperately need to access a Linux box I have at work. However, they JUST installed a firewall on my network and they cannot open/fwd any ports for me. Is there a way that I can ssh into that machine without needing to fwd any ports and such? Someone plzzzzz help.
 
Old 07-15-2003, 03:35 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149Reputation: 149
If it's behind the firewall and the firewall machine doesn't allow ssh or doesn't forward ports, you can't.
 
Old 07-15-2003, 03:47 PM   #3
absolutal
LQ Newbie
 
Registered: Jun 2003
Location: nyc
Posts: 10

Original Poster
Rep: Reputation: 0
There's no type of program that allows me to maybe bounce off another PC to the one behind the router? I currently have a prog called dhost that installs a client on the PC behind the firewall and the server that is outside, and basically I run an FTP. So if you want to access the FTP behind the firewall, you actually access the IP of the PC outside of the firewall and it bounces you to the FTP site behind the firewall... If this is possible, I figure that getting ssh to work is possible also.
 
Old 07-15-2003, 04:13 PM   #4
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
I'm not gonna be a narc, but if you absolutely need it, shouldn't you be talking to the people that installed the firewall?
 
Old 07-15-2003, 04:19 PM   #5
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149Reputation: 149
Quote:
Originally posted by absolutal
There's no type of program that allows me to maybe bounce off another PC to the one behind the router? I currently have a prog called dhost that installs a client on the PC behind the firewall and the server that is outside, and basically I run an FTP. So if you want to access the FTP behind the firewall, you actually access the IP of the PC outside of the firewall and it bounces you to the FTP site behind the firewall... If this is possible, I figure that getting ssh to work is possible also.
It's kind of tunnelling. It's possible, but first you need to have access to a machine behind a firewall to run a program that will connect to a server outside. If you have access to machines inside, you can install an ssh server, too. Or maybe I don't fully understand your problem? Maybe you just have a server running and want to connect to it?

You can use tunnelling, but I highly recommend that you talk with the person responsible for the firewall and ask to forward ports (you don't need the standard ssh port, you can use any free one).
 
Old 07-16-2003, 11:29 AM   #6
absolutal
LQ Newbie
 
Registered: Jun 2003
Location: nyc
Posts: 10

Original Poster
Rep: Reputation: 0
Well, I have the server running already, and I'm using a program called dhost that allows me to connect to the server behind the firewall from another PC on the outside running dhost also. Now the problem is that dhost is COMPLETELY unreliable. I can start dhost, and anywhere from 10 mins to 3 hours, the program crashes, making it unable to accept connections to the PC behind the firewall.. That's why I want to get ssh to work, at least then I can just log in, kill the proc and restart it.
 
Old 07-16-2003, 11:47 AM   #7
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
I'm not going to start pointing fingers, but I'm getting a not-so-good vibe from you and your ideas. This forum is about Linux networking, and not bypassing your administrator's firewall.

I'm going to go on a whiff that you may have been the sole reason one was implemented.

Any of the questions you're asking should be a brunt ask to your administrator and if he supports what kind of services you say you require. And if they don't, then I advise that you listen to them; consequences for going behind people's backs aren't usually very good.
 
Old 07-16-2003, 11:59 AM   #8
absolutal
LQ Newbie
 
Registered: Jun 2003
Location: nyc
Posts: 10

Original Poster
Rep: Reputation: 0
OK, I run this PC for my business, however due to company policy, the company that provides us our internet had to install a firewall. Now I need to have this PC accessible, but they have told me that as of now, they can't fwd any ports or anything because they're still working out their policies on what they will or will not allow. Now like I said, this is business.. and when it costs me money, I need to do what I can to make it work. That's all.. All I'm asking for is help, or ideas.. not for you to come here personally, break into the firewall and open ports up.. Gimmie a break guy. A simple "no, nothing is possible behind a firewall" would be fine.

And one more thing, if someone asks for advice, you shouldn't pass comments on what you think they're doing, it's NONE OF YOUR BUSINESS! You shouldn't say that you think the reason a firewall is getting installed is because of me. You don't know me, you don't know what I do for a living.. Don't think you're some super detective.

Last edited by absolutal; 07-16-2003 at 12:05 PM.
 
Old 07-16-2003, 12:17 PM   #9
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
I don't have to be a super detective to logically think about the question. If someone asks where to find a cheap gun, are you going to say, ya, a guy around the corner selling them for $50? You're going to most likely ignore, or ask them why.

And we can turn this into a small lame argument, but I find it grueling and boring. You're asking the wrong type of people.

routing rules and tables, but I find it extremely hard to believe that a service was forced to place a firewall

(where) between the lines is strange.

The normal things I've found is that ISPs, generally DSL and cable, usually put blocks on specific ports, to keep clients that purchase broadband through them from hosting, breaking their ToS.

Any normal business line is going to offer you full direct service of a line.

Every DSL company in California offers a business type, giving static IPs, and the ability to allow hosting.

Same with every cable company I've seen.

Your most direct route if your ISP does not offer business solutions is to get a T line, to integrate your telephones into an internet service as well.

More importantly, I still wouldn't understand how dhost would work if the machines are firewalled to begin with. It wouldn't allow any inbound traffic unless the firewall is only set to block certain incoming ports, then your solution is simply to change the ports to 1024+

Last edited by hakcenter; 07-16-2003 at 12:20 PM.
 
Old 07-16-2003, 12:25 PM   #10
absolutal
LQ Newbie
 
Registered: Jun 2003
Location: nyc
Posts: 10

Original Poster
Rep: Reputation: 0
Well, we had an unfirewalled line for over 2 years now (we rent office space from a company who owns the entire floor in my building, and they also have offices all over the world). Now from what they told me, their office here is the last one to actually place a firewall.. It has been company policy for a while now, but they have not implemented it. But after a few small backdoor viruses were detected on a few PCs on the network, they decided to finally put the firewall in place. Now as far as the dhost prog I speak of, I don't know how it actually works, but it does.. just very inconsistently.
 
Old 07-16-2003, 12:33 PM   #11
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
Then you're just going to have to ask them to segment them into a DMZ off the connection since it's shared?

I run the IT here for 2 businesses, and neither one should have any connection ability between each other than the shared T.

I run a simple network off the normal internal, and I run a DMZ for the other, with no cross talk available.

If it's a service that is required to keep your business up, then they are obligated to ensure you that upon day 1 of installation that your business will notice no difference in its structure.

Else you are allowed to take legal action upon the days that your once working service is no longer without prior consultation.
 
Old 07-16-2003, 12:42 PM   #12
absolutal
LQ Newbie
 
Registered: Jun 2003
Location: nyc
Posts: 10

Original Poster
Rep: Reputation: 0
Yeah, that's the thing, we told them that we need this and they know that.. but they keep telling me that they're still working out the policies with the firewall and they have noted my request and they'll let me know when they can help me out... It's kind of annoying.
 
Old 07-16-2003, 01:03 PM   #13
hakcenter
Member
 
Registered: Apr 2003
Location: Not to far from the computer screen
Distribution: RedHat 9.0
Posts: 324

Rep: Reputation: 30
Then tell them they are going to be required by law to pay you for your lost work for the time period of 'probably starting from installation' to 'when you're set up'.

And if they don't believe you, this would easily win in small claims.
 
Old 07-16-2003, 01:03 PM   #14
cnjohnson
Member
 
Registered: Nov 2002
Location: Nashville
Distribution: FreeBSD, Linux, OS-X
Posts: 544

Rep: Reputation: 30
Quote:
Originally posted by absolutal
Well, we had an unfirewalled line for over 2 years now (we rent office space from a company who owns the entire floor in my building, and they also have offices all over the world). Now from what they told me, their office here is the last one to actually place a firewall.. It has been company policy for a while now, but they have not implemented it. But after a few small backdoor viruses were detected on a few PCs on the network, they decided to finally put the firewall in place. Now as far as the dhost prog I speak of, I don't know how it actually works, but it does.. just very inconsistently.
Without opening a port through the firewall you are out of luck, pure and simple, since the whole point of a firewall is to prevent packets from crossing. If you already have an application (dhost) working then there is a port open. Check the config file for it and then set ssh to use that port. You'll need an ssh server (Linux comes with one) and an ssh client (Linux comes with one, too; and there is PuTTY for Windows).

Cheers--
Charles
 