Re: [gentoo-user] [OT] SSH port forwards behind restrictive firewall

Group: linux.gentoo.user
From: Mick
Date: Monday, February 18, 2008 1:30 PM
Subject: Re: [gentoo-user] [OT] SSH port forwards behind restrictive firewall

message

--nextPart1329547.YNiDTNvU5C
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Monday 18 February 2008, Etaoin Shrdlu wrote:
> On Monday 18 February 2008, Mick wrote:
> > Hi All,
> >
> > I think that I have confused myself with this. I am behind a
> > firewall/http proxy which seems to only allow outbound connections on
> > ports 80 & 443 for web browsing. This is not enough for me, as I
> > would like to use my mail client to send and receive mail from behind
> > the firewall.
> >
> > I tried connecting to ssh servers which listen on different ports,
> > besides tcp/22 and I was not successful. This is probably an
> > indication that the internet gateway machine only accepts connections
> > for packets that have a destination to ports 80 & 443.
> >
> > If the above is correct, am I right to assume that to be able to run a
> > tunnel through this internet gateway I should run something like:
> >
> > ssh -L 2222:localhost:443 me@remote_sshd.com
>
> This command still tries to contact the remote host on port 22, and is
> blocked by the firewall.

Oops! Yes, the primary ssh connection will take place to port 22 on the=20
server, unless this is specified separately as you show below.

> IIUC to exit the local firewall you should have the remote sshd listening
> on port 443 or 80.
>
> ssh -p 443 me@remote_sshd.com
>
> Of course, the remote /etc/ssh/sshd_config must have "Port 443" (or 80).
> If this works and you are able to actually connect to the remote ssh, you
> can add local or remote port forwarding to this basic command.
>
> So, as an example for email, you can do something:
>
> ssh -p 443 -L 2222:smtpserver:25 me@remote_sshd.com
>
> and configure your mail client to send to localhost, port 2222.
> Another alternative (depending upon how many ports you need to forward)
> could be to use SOCKS.

With option -D on the server. Hmm, need to explain that the ssh server is =
NOT=20
the mail server (and last time I looked gmail did not accept ssh connection=
s=20
to their mail servers!), but a router I run at home. The idea is that I wi=
ll=20
set up corresponding forwarding rules on the router. Is that sound?

PS. Unless I missed it Kmail does not have settings for SOCKS.

Thank you for your help. :)
=2D-=20
Regards,
Mick

--nextPart1329547.YNiDTNvU5C
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQBHudv45Fp0QerLYPcRAjQTAJ4rVCkvGZgnU3WDxEOqSieTjxERXwCgsD1a
I1FffoNPg0KJ/EAZhuUFVeM=
=HUQI
-----END PGP SIGNATURE-----

--nextPart1329547.YNiDTNvU5C--
--
gentoo-user@lists.gentoo.org mailing list