From: Bob Johnson
Date: Fri, 01 Feb 2002 09:28:03 -0500
To: Trevor Osatchuk
Cc: questions@freebsd.org
Subject: Re: more: vpn from behind firewall

Trevor Osatchuk wrote:
>
> Thanks for the reply Bob. I can ssh into my firewall, no problem. When I
> tried:
> ssh -L 25:smtp.myisp.com:25 my.firewall.ip.address
>
> I get prompted for my root password on my firewall. Now, I don't have
> remote root login set up and I would rather not. What can I do to get
> around the root password?
>

Oops. I meant to mention that. Either

    ssh -L 25:smtp.myisp.com:25 user@my.firewall.ip.address

or

    ssh -l user -L 25:smtp.myisp.com:25 my.firewall.ip.address

will attempt to log you into your firewall as "user" (that's a lowercase
"L" on the second version). As you probably already discovered, you must
be root on your laptop to forward ports like this, but you can connect to
your firewall as any legitimate user.

You can also tack a command onto the end of that, and it will run on the
firewall. For example, to keep a modem connection from timing out, I
sometimes use something like

    ssh -L 25:smtp.myisp.com:25 bob@home.network.address ping -i 60 my.laptop.address

but you would need a public IP number on your laptop to do exactly that.

> I am not sure what needs to be set up on my firewall to allow this.
> Portforwarding is enabled, but do I need to set up a rule?

If you have a non-root user account on your firewall, that's all you
need. And if you dig into the ssh man page, you can set it up so you
don't need to enter a password every time you set up the connection.

The other option is to have your firewall forward port 22 (ssh) to some
internal system on your network where you DO have a user account. For
extra credit, figure out how you are going to remotely administer your
firewall after you do that.

>  ______       _________                ________
> |my    |     | firewall|              |my home |
> |laptop|-----| on ski  |------WWW-----|firewall|--- Home Network
> |______|     |__hill___|              |________|
> 192.168      192.168      ????    My firewall IP  192.168
>
> >I'm not sure if you mean your laptop address is 192.168.1.x, or if
> >that's the address of your home system.
>
> I have a 192.168 ip on my laptop, assigned by dhcp, also my private network
> has 192.168, but I doubt that this is of any importance.

If it matters, then one of the firewalls/NATs is not configured
correctly.

>
> >Of course, there is a third, and probably easier solution: ask
> >the people who run the network on the ski hill what you should
> >use for your outgoing SMTP host. You aren't the only person
> >with that problem, and they should have a local one set up for
> >you to use. Just set your email program to use whatever they
> >tell you.
>
> What? Are you crazy? Ask that question and get an answer in 10 minutes, or
> spend hours trying to do it the hard way? Hmmmm, I am disappointed in you
> Bob! :)

Sorry. I don't know what came over me.

>
> Thanks,
>
> fybar

Good luck.

- Bob
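As an added illustration (not part of Bob's or Trevor's mail), here is a laptop-side `~/.ssh/config` entry that bakes in the three things the reply asks for: the non-root account on the firewall, key authentication in place of a password prompt, and the port 25 forward, plus a keepalive in place of the `ping` trick. The alias `skihill-mail`, the key path, and the placeholder host names are assumptions.

```sshconfig
# ~/.ssh/config on the laptop (constructed example; host names are the
# placeholders used in the thread, not real addresses)
Host skihill-mail
    # the firewall you can reach with ssh
    HostName my.firewall.ip.address
    # ordinary account on the firewall; root login there stays disabled
    User user
    # key authentication, so no password is typed each time the tunnel comes up
    # (assumed key path; run ssh-keygen and install the public key on the firewall)
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # laptop:25 -> smtp.myisp.com:25, relayed through the firewall
    LocalForward 25 smtp.myisp.com:25
    # abort instead of silently running without the forward
    ExitOnForwardFailure yes
    # keepalive so the idle link does not time out
    ServerAliveInterval 60
    ServerAliveCountMax 3
```

Bring the tunnel up with `ssh -N skihill-mail`, run as root on the laptop because local port 25 is privileged; forwarding a high port instead (for example `LocalForward 2525 smtp.myisp.com:25`) and pointing the mail client at `localhost:2525` avoids needing root on the laptop at all.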