From: Rasputin
Date: Thu, 26 Apr 2001 11:10:12 +0100
To: questions@freebsd.org
Subject: Re: Connecting to FreeBSD over SSH2 using SecureCRT
Message-ID: <20010426111012.A30963@dogma.freebsd-uk.eu.org>
In-Reply-To: ; from rsowders@usgs.gov on Thu, Apr 26, 2001 at 02:41:02AM -0700

* Robert L Sowders [010426 10:42]:
> Your problem is you are trying to do port forwarding through a firewall.
> Setting up port forwarding with SecureCRT is simple between two boxes, but
> put the third box between them and now you have a problem.

OpenSSH is *great* for running stuff through firewalls.
I've not tried with SecureCRT, but would be surprised if it weren't possible.

> To do port forwarding for pop you're telling SecureCRT to connect to the
> remote machine at port 110 and locally at localhost port.
> The firewall is disallowing connections to port 110.

Don't try to get out to port 110. The traffic can be routed down the SSH
connection itself (any port you like), so when I connect to localhost port
the packets get routed down the tunnel and *then* get forwarded to port 110
on the server.

As far as the server is concerned, it just received a connection from
localhost port (whatever that end of the tunnel uses).

We used to use this kind of trick to read mail on the internal LAN
mailserver from home. And that was sneaking past a CISCO PIX.

All you needed was someone inside the LAN prepared to wire up a tunnel
from their box out to an arbitrary port on an external host.
(longish command line, in the manpage)

Then you'd

    ssh public.shell.server.net 24567

and be greeted with:

    +OK internal.mail.bigcompany.privatelan.com POP3 ready

You need an account (not root) on 1 machine each side of the firewall,
but you don't need an account on the mail server you're fooling or the
firewall.

-- 
It's not so hard to lift yourself by your bootstraps once you're off
the ground.
		-- Daniel B. Luten
Rasputin :: Jack of All Trades - Master of Nuns ::
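The two tunnel directions described in the message above are governed on the sshd side by the AllowTcpForwarding, PermitOpen and GatewayPorts keywords. The following is an added example, not part of the original post: it reads an sshd_config text and reports which of those tunnels that server would accept. The sample configs and the host mail.example.org are constructed, and Match blocks are assumed absent (parsing stops at the first one).

```python
# Added illustration; both config texts below are constructed samples.
SAMPLE_DEFAULT = """\
# nothing about forwarding is set, so sshd's defaults apply
Port 22
PermitRootLogin no
"""
SAMPLE_RESTRICTED = """\
AllowTcpForwarding local
PermitOpen mail.example.org:110
GatewayPorts no
"""

# Values sshd uses when a keyword is absent, per sshd_config(5).
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permitopen": "any"}


def effective(config_text):
    """Global forwarding settings; sshd keeps the first value given for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # conditional overrides are not evaluated here
            break
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip()
    return {**DEFAULTS, **seen}


def tunnels_allowed(config_text):
    """Which of the two tunnel directions from the mail this sshd would accept."""
    s = effective(config_text)
    mode = s["allowtcpforwarding"].lower()
    local = mode in ("yes", "all", "local")
    remote = mode in ("yes", "all", "remote")
    return {
        "local_forward": local,  # ssh -L: client port -> host reachable from sshd
        "local_targets": s["permitopen"] if local else "none",
        "remote_forward": remote,  # ssh -R: port on the sshd host -> back to client
        "remote_listens_off_loopback": remote and s["gatewayports"].lower() != "no",
    }


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("restricted", SAMPLE_RESTRICTED)):
        print(name, tunnels_allowed(text))
```

sshd_config(5) itself notes that disabling TCP forwarding does not improve security unless users are also denied shell access, since they can run their own forwarders.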