LinuxQuestions.org
Old 04-06-2006, 01:09 PM   #1
djwhitey
LQ Newbie
 
Registered: Mar 2006
Posts: 7

Rep: Reputation: 0
ssh port forward/tunnel question


I've googled a good bit in addition to reading the manpages on ssh & sshd_config

Having said that, here is my issue:

I have a box that's inside my univ firewall which blocks incoming connections... I also have nonroot shell access to a box outside the firewall that I can ssh to from the box inside the firewall... I'd like to forward connections on a port on the machine OUTSIDE the firewall to a port on the box INSIDE the firewall via an ssh tunnel... this way my box inside the firewall will be accessible from anywhere outside the firewall on the one specific port... the univ has the cisco vpn client available to access inside the firewall through, but I'd have to give everyone I want to download from me login info for it that I'd rather not disclose... that being said, I've tried (taking ftp for example):

ssh -R 7777:my.ip.inside:21 user@ip.outside

however, the GatewayPorts option is not enabled on the sshd (and I can't enable it)

so I've tried doing:
ssh -gL 7778:127.0.0.1:7777 user@ip.outside
followed by
ssh -R 7777:my.ip.inside:21 user@ip.outside

It seems to bind the ports properly, but when I attempt to connect to ftp ip.outside 7778 (from an outside ip) it doesn't completely connect
I get
Connected to [ip.outside]
but it just sits there as if frozen and my ftp server doesn't register the connection. So I assume it's connecting to ip.outside but is being blocked by the firewall when outside attempts to forward it.

Could anyone help me with this please? Thanks in advance.
 
Old 04-06-2006, 01:17 PM   #2
lucktsm
Member
 
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155

Rep: Reputation: 30
Sounds like you're trying to go around the school's security. If you make tunnels and they get exploited you could be liable. You may want to check with your administrator to see if this is ok to attempt.
 
Old 04-06-2006, 01:21 PM   #3
djwhitey
LQ Newbie
 
Registered: Mar 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Yes, that's exactly what I'm trying to do. And I called the ITS dept. to inquire about it. Their reply was, "If you're smart enough to figure out how to get to your on-campus-computer from off campus without using the VPN client, more power to you."
 
Old 04-06-2006, 03:51 PM   #4
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 51
Quote:
Originally Posted by djwhitey
ssh -R 7777:my.ip.inside:21 user@ip.outside

however, the GatewayPorts option is not enabled on the sshd (and I can't enable it)

so I've tried doing:
ssh -gL 7778:127.0.0.1:7777 user@ip.outside
followed by
ssh -R 7777:my.ip.inside:21 user@ip.outside

It seems to bind the ports properly, but when I attempt to connect to ftp ip.outside 7778 (from an outside ip) it doesn't completely connect
I get
Connected to [ip.outside]
but it just sits there as if frozen and my ftp server doesn't register the connection. So I assume it's connecting to ip.outside but is being blocked by the firewall when outside attempts to forward it.

could anyone help me with this please? thanks in advance

In order to have it do what you want, I think you need to do something like
Code:
ssh -R *:7777:localhost:21 user@ip.outside
but this requires GatewayPorts to be enabled.

Other options I can think of include:
* get another shell account somewhere that has GatewayPorts enabled
* get your FTP server to listen on port 22 (ssh) or (preferably) some other port that is already open on the firewall, and then people connect to that port for FTP (nevermind I am stupid)

Last edited by spooon; 04-06-2006 at 08:37 PM.
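
Added example, not part of any post in this thread: a shell/awk check an administrator of either host could run to see which listening sockets are SSH forwards and whether they are bound to loopback only (what `ssh -R` gives when GatewayPorts is off) or to all interfaces (GatewayPorts on, or a client started with `-g`). The function names, the daemon port 22 and the `ss -Htlnp`-style sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify SSH-forwarded listeners in `ss -Htlnp` output.
# The daemon port (22) and every sample line below are constructed assumptions.

classify_forwards() {
    # $1 = port the SSH daemon itself listens on (default 22); ss lines on stdin.
    awk -v dport="${1:-22}" '
    $1 == "LISTEN" {
        laddr = $4
        n = split(laddr, parts, ":")
        port = parts[n]
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # Process name = first quoted string in the users:(("name",...)) column.
        proc = ""
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        if (proc ~ /^sshd/ && port + 0 != dport + 0) {
            print "remote-forward", laddr, scope   # -R listener held by the daemon
        } else if (proc == "ssh") {
            print "client-forward", laddr, scope   # -L/-D listener held by a client
        }
    }'
}

# Constructed sample: daemon port, a loopback-only -R forward (IPv4 and IPv6),
# a client-side forward bound to all interfaces, a -R forward on a host with
# GatewayPorts enabled, and an unrelated web server.
sample_ss() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:7777 0.0.0.0:* users:(("sshd",pid=2301,fd=9))
LISTEN 0 128 [::1]:7777 [::]:* users:(("sshd",pid=2301,fd=8))
LISTEN 0 128 0.0.0.0:7778 0.0.0.0:* users:(("ssh",pid=2410,fd=5))
LISTEN 0 128 0.0.0.0:8022 0.0.0.0:* users:(("sshd",pid=2533,fd=7))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=900,fd=6))
EOF
}

sample_ss | classify_forwards 22
```

On a live host the input would come from `ss -Htlnp` run as root; an sshd configured with additional `Port` lines would need those ports excluded as well.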
 
Old 04-06-2006, 05:05 PM   #5
djwhitey
LQ Newbie
 
Registered: Mar 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by spooon
Include:
* get another shell account somewhere that has GatewayPorts enabled
* get your FTP server to listen on port 22 (ssh) or (preferably) some other port that is already open on the firewall, and then people connect to that port for FTP

No ports ARE open on the firewall for INCOMING connections to my IP.
There are some forwards for specific machines on campus... but no ports open on my subnet.
They block ICMP... can't ping anything from outside.
So even if I was to get a shell account somewhere with GatewayPorts enabled, would it be able to forward a connection back to me through the wall? If so, where do I get a shell acct with the option enabled?
 