From owner-freebsd-questions@FreeBSD.ORG  Sun Jun  1 21:31:24 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4919A37B401
	for <questions@freebsd.org>; Sun,  1 Jun 2003 21:31:24 -0700 (PDT)
Received: from lilzcluster.liwest.at (lilzclust02.liwest.at [212.33.55.12])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D383E43F85
	for <questions@freebsd.org>; Sun,  1 Jun 2003 21:31:22 -0700 (PDT)
	(envelope-from dgw@liwest.at)
Received: from cm58-27.liwest.at by lilzcluster.liwest.at
	(8.10.2/1.1.2.11/08Jun01-1123AM)
	id h524VFV0001429616; Mon, 2 Jun 2003 06:31:15 +0200 (MEST)
From: Daniela <dgw@liwest.at>
To: Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>
Date: Mon, 2 Jun 2003 06:34:04 +0000
User-Agent: KMail/1.5.1
References: <200305310030.58636.dgw@liwest.at>
	<44of1h5pbx.fsf@be-well.ilk.org>
In-Reply-To: <44of1h5pbx.fsf@be-well.ilk.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200306020634.04321.dgw@liwest.at>
cc: questions@freebsd.org
Subject: Re: Complicated routing/SSH-FTP tunneling problem
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jun 2003 04:31:24 -0000

On Sunday 01 June 2003 23:51, Lowell Gilbert wrote:
> Daniela <dgw@liwest.at> writes:
> > I have the following problem:
> >
> > I'm running a FreeBSD SSH server.
> > Some clients can't connect to it. They are on a local network, connected
> > to the internet through another server. This second server used to allow
> > SSH login, and users could then connect to my server from the second
> > server.
> >
> > On the second server, SSH login isn't allowed any more. It won't route
> > any requests to the outside, except for mail. The FTP port is open,
> > however. I heard it is possible to create a tunnel over FTP, so the
> > clients could still get to my server.
> >
> > How could we do this (if it is possible)? Are there other ways?
>
> You need some kind of cooperation from the other server.
> It sounds like you're trying to get around security precautions of the
> other server, but if that's not the case, you ought to work this out
> with the administrator of the other server.

This is not possible, the admin won't let them out.
This is because of high loads on the network. He doesn't care if only a few 
people connect out.

> You can't create an IP tunnel over an FTP server; at least, not using
> any FTP server software I know well...

The clients run Linux. Isn't it possible to get around this by routing their 
reqests? They would only need to set the default gateway.

Daniela