My work email is not possible to reach from outside the wlan. I'm able to ssh out to a remote computer at home, and I can set up a tunnel here.

Is it possible to set a permanent backdoor from my work PC to my home PC, and use this tunnel to log on to the IMAP-server from my laptop by using my public IP-adress at home?

I want to read my email when I travel

Network map

[IMAP-server]
|
|
[LinuxPC at work]
||
||
[tunnel]
||
||
[HomeLinux]
|
|
[FW v/public IP]
^
?
|
Lap-top

Is it possible to sett up ssh using port forwarding so that I can log on to the IMAP mail-server from my laptop?

It is possible to do a ssh tunnel, but I wouldn't do it without the approval of the network guys at work. I find it hard to believe any business would run a mail server that employees can't reach, but since they seem to be doing that, there must be some reason they are doing it. I won't just tell you how because you could get in large amounts of trouble for it. If they approve, it isn't difficult to accomplish, although it does require a sshd server on your work machine. You say you can ssh out, but you'd need to ssh in.

Peace,
JimBass

"You say you can ssh out, but you'd need to ssh in."

This is my main problem. No ssh in. I've asked the admin about opening for inbound ssh, she says she don't know how to set it up, and I believe her.

I've sett up a permanent tunnel to from the linux-server at work to my private linux-box, and in that way I'm able to monitor it remotely.

"I find it hard to believe any business would run a mail server that employees can't reach, but since they seem to be doing that,there must be some reason they are doing it"

We've always been able to reach our email remotely, until recent, when the BOFH set up a new MS Exchange2007 server. They say that they have planed external access to the mailserver, and hope that they will have it running by the summer. (They need external help)

So the reason is not a question about security, it's lack of knowledge.

Since you have a linux server at work, can you SSH to that? If you can, then you can easily use that machine for your tunnel.

Your network person should be fired on the spot if they can't open a port. There is no magic or linux knowledge required to do it. You open port 22 for tcp traffic on the WAN interface, and forward those packets through to the machine's LAN IP address at the same port.

This tutorial shows how to setup a tunnel over putty from a windows machine to a linux machine. Like he says at the bottom, you can tunnel any tcp traffic you want over at any port. Instead of setting up the SSH session at port 222, you'd want to use 22 for a "normal" SSH session. Then instead of tunneling 5901 to 5900 for VNC, you'd want to tunnel 143 on the localhost to 143 at the LAN address of your IMAP server. Then you'd configure your mail client to use an IMAP server on localhost, because that will get tunneled to the IMAP server at work.

http://martybugs.net/smoothwall/puttyvnc.cgi

If you're on a linux machine for the end-user box, all this is the same, you just setup the tunnel through the commandline rather than from a GUI in Putty.

Peace,
JimBass