Date: Fri, 27 Apr 2001 01:06:41 -0700
From: "Robert L Sowders" <rsowders@usgs.gov>
To: Rasputin <rara.rasputin@virgin.net>
Cc: owner-freebsd-questions@FreeBSD.ORG, questions@freebsd.org
Subject: Re: Connecting to FreeBSD over SSH2 using SecureCRT
Message-ID: <OFD1B1C73C.7590A143-ON88256A3B.002C61BB@wr.usgs.gov>

You are, of course, completely correct. A tunnel to the server can
forward to another box. I corrected myself in private email to the
original poster.
Rasputin <rara.rasputin@virgin.net>
Sent by: owner-freebsd-questions@FreeBSD.ORG
04/26/2001 03:10 AM
Please respond to Rasputin
To: questions@freebsd.org
cc:
Subject: Re: Connecting to FreeBSD over SSH2 using SecureCRT
* Robert L Sowders <rsowders@usgs.gov> [010426 10:42]:
> Your problem is you are trying to do port forwarding through a firewall.
> Setting up port forwarding with SecureCRT is simple between two boxes, but
> put the third box between them and now you have a problem.
OpenSSH is *great* for running stuff through firewalls.
I've not tried with SecureCRT, but would be surprised if it weren't
possible.
> To do port forwarding for pop you're telling SecureCRT to connect to the
> remote machine at port 110 and locally at localhost port.
> The firewall is disallowing connections to port 110.
Don't try to get out to port 110.
The traffic can be routed down the SSH connection itself (any port you like)
so when I connect to localhost port <whatever> the packets get routed down the
tunnel and *then* get forwarded to port 110 on the server.
As far as the server is concerned, it just received a connection from
localhost port (whatever that end of the tunnel uses).
We used to use this kind of trick to read mail on the internal
LAN mailserver from home. And that was sneaking past a CISCO PIX.
All you needed was someone inside the LAN prepared to wire up a tunnel from
their box out to an arbitrary port on an external host.
(longish command line, in the manpage)
Then you'd
ssh public.shell.server.net 24567
and be greeted with:
+OK internal.mail.bigcompany.privatelan.com POP3 ready
You need an account (not root) on 1 machine each side of the firewall,
but you don't need an account on the mail server you're fooling or the
firewall.
--
It's not so hard to lift yourself by your bootstraps once you're off
the ground.
-- Daniel B. Luten
Rasputin :: Jack of All Trades - Master of Nuns ::
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
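
Added example (not part of the original thread): a plain TCP relay on loopback stands in for the server end of the SSH forward, to show the point made above that the mail server sees the connection as coming from the tunnel endpoint and not from the real client, so that is what its logs and any source-address rules record. The service, the relay and every function name are constructed for illustration; no SSH or encryption is involved.

```python
import socket
import threading

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # port 0: the OS picks a free loopback port
    s.listen()
    return s

def start_service():
    """Constructed stand-in for the POP3 server: greets with the peer port it sees."""
    srv = listen()
    def serve():
        while True:
            conn, peer = srv.accept()
            with conn:
                conn.sendall(f"+OK peer port {peer[1]}\r\n".encode())
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def start_relay(target_port, seen):
    """Plain TCP relay standing in for the server end of the SSH forward (no crypto)."""
    lst = listen()
    def relay():
        while True:
            client, peer = lst.accept()
            up = socket.create_connection(("127.0.0.1", target_port),
                                          source_address=("127.0.0.1", 0))  # own source port
            with client, up:
                seen.append((peer[1], up.getsockname()[1]))
                while data := up.recv(4096):  # server-to-client only, enough for the greeting
                    client.sendall(data)
    threading.Thread(target=relay, daemon=True).start()
    return lst.getsockname()[1]

def fetch(port):
    """Return (client's own source port, peer port the service reported)."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        mine = c.getsockname()[1]
        banner = b"".join(iter(lambda: c.recv(4096), b""))
    return mine, int(banner.split()[-1])

def demo():
    seen = []
    relay_port = start_relay(start_service(), seen)
    return fetch(relay_port), seen[0]

if __name__ == "__main__":
    (mine, reported), (from_client, outbound) = demo()
    print(f"client port {mine}, service saw {reported} (relay's outbound port {outbound})")
```

On a direct connection the reported port equals the client's own; through the relay the service only ever sees the relay's outbound socket, so attributing a forwarded session to its real origin needs the tunnel host's own records.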
