I have been attempting recently to gain remote access to a machine behind a firewall. The trick is this: the machine I need access to is behind a firewall, and in that firewall the only known hole is to a different machine via ssh. I was able to setup an iptables rule to forward the port I needed to the unreachable machine, and I thought it would be a simple matter of using an ssh forwarding rule to get to this machine and allow iptables to take over. So what I have now is an ssh rule:

ssh -L1700:localhost:1700 remote

This begins the forwarding from my machine to the reachable inside. Then the iptables rule looks like this:

iptables -A FORWARD -s 0/0 -i eth0 -d unreachable -o eth0 -p TCP --sport 1700 --dport 1700 -j ACCEPT

This should let me connect as such:

local -> ssh tunnel -> remote -> forward -> unreachable

The problem is that it works inside, but not when I am outside of the firewall. I was under the impression this would solve all of my problems. I'm open to suggestions, and if more info is needed (I think I covered it all) I will provide it.

Thanks in advance,

Alunduil

You can always have the unreachable machine connect to you using SSH and setup a reverse tunnel that you can then connect to on your local machine.

On the unreachable machine run this.
Then on the reachable machine.
What this does is connect to the ssh session that the unreachable machine created. The only problem is that you have to make sure this tunnel stays open so your going to need to keep some activity going over the tunnel. Or set the timeout setting the sshd.conf file to a really large number.

The true problem I guess I forgot to mention was that unreachable AFAIK only has the one port open running a license manager server. This server is what I need to get to, and I have no rights on it. Not even piddly user rights through a web interface. I have to just get my packets to the machine and back, but don't know a way to do this. Thanks for the suggestion, it's just not feasible.

Thanks,

Alunduil