From owner-freebsd-questions Mon Dec 4 17:30:44 2000
From owner-freebsd-questions@FreeBSD.ORG Mon Dec 4 17:30:41 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from firefly.prairienet.org (firefly.prairienet.org [192.17.3.3])
        by hub.freebsd.org (Postfix) with ESMTP id 29AF837B400
        for ; Mon, 4 Dec 2000 17:30:41 -0800 (PST)
Received: from sherman.spotnet.org (slip-86.prairienet.org [192.17.3.106])
        by firefly.prairienet.org (8.9.3/8.9.3) with ESMTP id TAA07649;
        Mon, 4 Dec 2000 19:30:30 -0600 (CST)
Date: Mon, 4 Dec 2000 19:30:18 -0600 (CST)
From: David Talkington
X-Sender: dtalk@sherman.spotnet.org
To: Rob
Cc: questions@FreeBSD.ORG
Subject: Re: NAT and SSH tunneling
In-Reply-To: <20001204155054.A11649@claire.namodn.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi Rob --

Let me first qualify this by saying that I haven't tried NAT on
FreeBSD, so my advance abject apologies if there's something
particular about FreeBSD's implementation which renders my response
here irrelevant.

However, in principle, tunneling through NAT works ok. I use the SSH
Communications server and client, and can do this from a Linux
workstation through a Linux NAT gateway. I run this command on the
workstation:

    ssh -L 2300:remotehost:23 remotehost

and log in as usual. Then on the workstation, do:

    telnet localhost 2300

And I connect to remotehost via the tunnel. This works with any
service I choose. I don't know anything about the internals of CVS,
so perhaps if it uses a two-way connection (like ftp), this might not
work.

I hope this is of some use to you.

-d

-- 
David Talkington
Community Networking Initiative
dtalk@prairienet.org
217-244-1962

PGP key: http://www.prairienet.org/~dtalk/dt000823.asc

Rob wrote:

>Hi,
>
>
>I'm trying to do an SSH tunnel through a FreeBSD server
>running natd to a CVS server listening to a pserver on
>its local interface.
>
>I have managed to get this working from a routeable IP,
>but when I attempt to set up a tunnel from a non-routeable
>that is being NAT'd, the non-routeable machine opens the
>port ( 2401 ) but it doesn't seem to make it to the other
>side ( the CVS server outside the NAT firewall ).
>
>Is there a special consideration for SSH tunnels through
>NAT that I am not understanding? Is it actually possible? :)
>
>Thanks, and please reply to me directly as I am subscribed
>to the list from this account.
>
>
>Rob Helmer
>Namodn
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
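
Added example, not part of the original message or of any project's code: the same -L forward applied to the pserver port (2401) from the question, with the local listener pinned to loopback. The host gw.example.org, the user rob, the repository path /cvsroot and all function names are placeholders, and it assumes an OpenSSH client and a cvs client that accepts a port in CVSROOT.

```shell
#!/bin/sh
# Added example: local forward for a CVS pserver reached from behind NAT.
# gw.example.org, rob and /cvsroot are placeholders, not from the post.

PSERVER_PORT=2401   # pserver port named in the original question

# valid_port N: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LPORT RHOST RPORT: print the argument for ssh -L.
# The listener is pinned to 127.0.0.1 so other hosts on the LAN cannot use it.
# RHOST is resolved on the sshd side, so "localhost" means the SSH server
# itself, which reaches a service bound only to that machine's local interface.
forward_spec() {
    valid_port "$1" && valid_port "$3" || return 1
    [ -n "$2" ] || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# pserver_root USER LPORT REPO: CVSROOT that points cvs at the local end
# of the tunnel (assumes a cvs client that accepts a port in CVSROOT).
pserver_root() {
    valid_port "$2" || return 1
    printf ':pserver:%s@localhost:%s%s\n' "$1" "$2" "$3"
}

# open_tunnel USER@HOST LPORT: start the forward in the background.
# The only traffic crossing the NAT box is this one outbound TCP session
# to sshd; ExitOnForwardFailure makes ssh exit if the local port is taken.
open_tunnel() {
    spec=$(forward_spec "$2" localhost "$PSERVER_PORT") || return 1
    ssh -f -N -o ExitOnForwardFailure=yes -L "$spec" "$1"
}

# Usage (not run here):
#   open_tunnel rob@gw.example.org 2401 &&
#       cvs -d "$(pserver_root rob 2401 /cvsroot)" login
```
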