From: Daniela
To: Lowell Gilbert
cc: questions@freebsd.org
Date: Tue, 3 Jun 2003 00:35:27 +0000
Subject: Re: Complicated routing/SSH-FTP tunneling problem

On Monday 02 June 2003 21:00, Lowell Gilbert wrote:
> Daniela writes:
> > On Sunday 01 June 2003 23:51, Lowell Gilbert wrote:
> > > Daniela writes:
> > > > I have the following problem:
> > > >
> > > > I'm running a FreeBSD SSH server.
> > > > Some clients can't connect to it. They are on a local network,
> > > > connected to the internet through another server. This second server
> > > > used to allow SSH login, and users could then connect to my server
> > > > from the second server.
> > > >
> > > > On the second server, SSH login isn't allowed any more. It won't
> > > > route any requests to the outside, except for mail. The FTP port is
> > > > open, however. I heard it is possible to create a tunnel over FTP, so
> > > > the clients could still get to my server.
> > > >
> > > > How could we do this (if it is possible)? Are there other ways?
> > >
> > > You need some kind of cooperation from the other server.
> > > It sounds like you're trying to get around security precautions of the
> > > other server, but if that's not the case, you ought to work this out
> > > with the administrator of the other server.
> >
> > This is not possible, the admin won't let them out.
> > This is because of high loads on the network. He doesn't care if only a
> > few people connect out.
> >
> > > You can't create an IP tunnel over an FTP server; at least, not using
> > > any FTP server software I know well...
> >
> > The clients run Linux. Isn't it possible to get around this by routing
> > their requests? They would only need to set the default gateway.
>
> I may be misunderstanding you here, but I think that you're trying to
> make an ssh connection into a system that isn't running sshd at all.

Both servers are running sshd. The other one allows only root login, however.

> That won't work, obviously. You *can* run sshd on the ftp port if you
> want, but you still have to run it.

That would be the solution. They can go out on the FTP port. I could just
redirect port 21 to 22 with NAT, and move my FTP server to, say, port 2100.

Thanks for your help.

Daniela
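
Added example, not part of the original thread: the exchange above shows that an egress rule keyed only on the destination port cannot tell FTP from an sshd listening on port 21. The sketch below compares the server greeting seen on a flow with the protocol expected for its port and reports mismatches. The port map, function names and sample greetings are assumptions constructed for illustration; the addresses are documentation ranges.

```python
import re

# SSH identification string (RFC 4253, section 4.2): "SSH-protoversion-softwareversion"
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")
# FTP reply line (RFC 959): three-digit code, then space or '-' (multi-line reply)
FTP_REPLY = re.compile(rb"^[1-5]\d\d[ -]")

# Assumption: protocol the site expects on each destination port.
# Port 2100 is the relocated FTP port mentioned in the thread.
EXPECTED = {21: "ftp", 22: "ssh", 2100: "ftp"}

def classify_banner(data: bytes) -> str:
    """Classify the first bytes a server sends after the TCP handshake."""
    lines = [l.rstrip(b"\r") for l in data.split(b"\n")[:20]]
    # RFC 4253 lets a server send other lines before its version string,
    # so an SSH identification on any early line wins over an FTP-looking one.
    if any(SSH_ID.match(l) for l in lines):
        return "ssh"
    if FTP_REPLY.match(lines[0]):
        return "ftp"
    return "unknown"

def find_mismatches(observations):
    """Return (dst_ip, dst_port, expected, seen) where greeting and port disagree."""
    hits = []
    for dst_ip, dst_port, banner in observations:
        expected = EXPECTED.get(dst_port)
        seen = classify_banner(banner)
        if expected and seen != "unknown" and seen != expected:
            hits.append((dst_ip, dst_port, expected, seen))
    return hits

# Constructed sample: (destination IP, destination port, server greeting bytes)
SAMPLE = [
    ("192.0.2.10", 21, b"220 FTP server ready.\r\n"),
    ("198.51.100.7", 21, b"SSH-2.0-OpenSSH_3.6.1p1\r\n"),
    ("203.0.113.5", 21, b"220-Welcome\r\nSSH-2.0-example_1.0\r\n"),
    ("192.0.2.10", 22, b"SSH-1.99-OpenSSH_3.5p1\r\n"),
    ("192.0.2.11", 2100, b"220-Welcome\r\n220 ready\r\n"),
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE):
        print("protocol mismatch: %s:%d expected %s, saw %s" % hit)
```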