Remote login to an intranet server behind firewall?
I would like to remotely log in to a server on the intranet of our company for some system maintenance work during the holidays: our mailboxes should be cleaned, otherwise the mail partition will possibly be filled up with spam.
I do not know how to connect to that server and all the information I have is as follows:
- the route I have to pass through is possibly as follows:
internet -- our ISP -- firewall on our intranet -- intranet server
- our intranet is a private network, not having a real IP address, only a dynamic one
- our servers are always on
- I know the administrator of our ISP can remotely log in to any of our servers, therefore I suppose that SSH may be listening on one of the ports on the firewall of our intranet (maybe port 22?)
- some users can reach their mailboxes located on our intranet server from the internet
- I know the root password on the server to which I would like to connect on the intranet
- I also know my username and password, besides my RSA authentication key is in the authorized_keys file in my home directory of that server. I also know the cipher type to use.
- ping 'servername.some.where' gives me an unknown host error
- ping 'www.some.where' gives me a result, but that's only our web page located at our ISP
So, is there a possibility to log in to our intranet server passing through our ISP and our intranet firewall based on the above information?
The essential information is whether you can ping your firewall. If you can, you can also log in to your server using ssh (as your firewall seems to be allowing/passing ssh connections).
There can be 2 hard points.
One: your ISP is not passing ssh requests to your firewall.
Two: your firewall is a hardware one, not allowing you to log into it (and make another ssh connection to one of your servers) and your firewall is not configured to forward ssh connections into one of your servers OR your firewall has a local IP.
I do not know how to ping our firewall.
As I mentioned before I pinged www.some.where and servername.some.where with different results, but I suppose these pings did not get through our ISP.
Previously I found an IP address using netstat on that server - I thought it was our actual IP address. Now I do not think so: looking up that IP address gave mail.some.where (which is possibly at our ISP). I also tried tracing www.some.where which gave me the same IP address. (It may mean something or nothing - I do not know).
I am convinced that it is possible to get through our firewall, since our ISP does it often. I am not sure, however, if our ISP passes through SSH requests to our firewall. I could find it out if I knew how to ping our firewall.
So, how to do that?
Try to ping your firewall. Or better: run traceroute to any host on the Internet (maybe linuxquestions.org). You'll get a list of hosts your packets are passing through. The first one should be your firewall. Look at how many local IPs there are.
It may be that your firewall has local IPs, the same as most of your ISP's network. In such a case, they can use an ssh connection to your server, and it's hard to do it from outside.
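The traceroute check suggested in the last reply, as an added example that is not part of the original thread: this Python sketch parses traceroute output and counts how many hops carry local (non-routable) addresses before the first public one. The sample output, the function names, and the inclusion of the RFC 6598 carrier-grade NAT range alongside the RFC 1918 ranges are assumptions made for illustration.

```python
import ipaddress
import re

# Ranges not routable from the internet: RFC 1918 private space plus the
# RFC 6598 shared space used for carrier-grade NAT (the latter is an addition here).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample output; public hops use documentation-only addresses.
SAMPLE = """\
traceroute to linuxquestions.org (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.398 ms  0.377 ms
 2  10.20.0.1  4.101 ms  4.087 ms  4.215 ms
 3  * * *
 4  198.51.100.1  9.871 ms  9.902 ms  9.850 ms
 5  203.0.113.80  21.334 ms  21.301 ms  21.296 ms
"""

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def parse_hops(text):
    """Return [(hop_number, ip_or_None)]; None marks a hop that did not answer."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        ip = IP_RE.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def summarize(text):
    """List the local hops and the first hop with a publicly routable address."""
    hops = [(n, ip) for n, ip in parse_hops(text) if ip]
    local = [(n, ip) for n, ip in hops if is_local(ip)]
    first_public = next(((n, ip) for n, ip in hops if not is_local(ip)), None)
    # Heuristic (assumption): a second local hop suggests the firewall's outside
    # interface also sits on private space, which makes inbound SSH hard.
    return {"local_hops": local, "first_public": first_public,
            "firewall_wan_likely_private": len(local) > 1}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run it on the output of a traceroute started from inside the intranet; a single local hop followed by a public address points to a firewall with a routable outside address.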