[svlug] Firewall Tunnel v0.2

J C Lawrence claw at kanga.nu
Sun Jun 17 10:38:02 PDT 2001


On Sun, 17 Jun 2001 09:52:53 -0700 (PDT) 
Kevin Kaichuan He <hek at cisco.com> wrote:

> Probably I got it wrong but my impression is when you use "ssh -R"
> to forward a remote port to a local port it wont work with a
> firewall which allows only outbound connection requests. 

You got it wrong.

> I said it because I've done two experiments 1) use ssh -R to
> forward a remote port on "colo box" to a local port on "desktop",
> I can then connect to the remote port on the "colo box" and thus
> be forwarded to the local port on "desktop" without problem if
> there is no firewall between desktop and colo-box 2) repeat 1)
> except that there is a firewall between the desktop and colo-box,
> the connection request to the remote port on the colo-box will
> stall in this case.  

I have exactly this sort of port forward going on now between the
machine I'm typing on out through a Linux NAT box to my colo box, and
from my desktop at work out through a Cisco NAT to a colo box.

> I would be very glad to know if my experiment result is
> incorrect. 

It is.  Make sure to read the sshd man page and what interfaces it
listens on.

> My guess about the reason of such result is: "ssh" initiate a new
> connection from remote to local each time a connection request
> arrives at the remote box and thus the new connection will be
> blocked by the firewall. 

Nope.  It runs over the extant SSH connection, tunneled as it were.

-- 
J C Lawrence                                       claw at kanga.nu
---------(*)                          http://www.kanga.nu/~claw/
The pressure to survive and rhetoric may make strange bedfellows
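The "what interfaces it listens on" hint above is the usual cause of the stalled connection Kevin describes: the tunnel through the outbound-only firewall works, but by default sshd binds a `-R` listener on the colo box's loopback interface only, so a connection to the colo box's public address never reaches it. The following shell script is an added example for this thread, not code posted by either participant. It classifies an `ssh -R` forward spec (`[bind_address:]port:host:hostport`, per ssh(1)) by where the client asks sshd to bind, then applies the remote host's `GatewayPorts` setting (`no`, `yes` or `clientspecified`, as documented in sshd_config(5)) to show where sshd will actually listen. It assumes IPv4 addresses or hostnames in the host field; IPv6 literals are only handled in the bind-address position.

```shell
#!/bin/sh
# Added example for this thread, not code from either participant.
# Works out where sshd will bind the listening socket for an "ssh -R"
# reverse forward.  Forward spec grammar, from ssh(1):
#     [bind_address:]port:host:hostport
# Assumption: the host field is IPv4 or a hostname (IPv6 literals are
# recognised only as a bracketed bind_address).

# requested_bind_scope SPEC -> loopback | all-interfaces | interface:ADDR
# Reports what the client asks for; no bind_address means loopback.
requested_bind_scope() {
    spec=$1
    case $spec in
        \[*\]:*:*:*) bind=${spec%%]*}; bind=${bind#\[} ;;  # [v6addr]:port:host:hostport
        *:*:*:*)     bind=${spec%%:*} ;;                   # bind:port:host:hostport
        *:*:*)       bind=localhost ;;                     # port:host:hostport (default)
        *)           echo invalid; return 1 ;;
    esac
    case $bind in
        localhost|127.0.0.1|::1) echo loopback ;;
        ''|'*'|0.0.0.0|::)       echo all-interfaces ;;    # empty or '*' = wildcard
        *)                       echo "interface:$bind" ;;
    esac
}

# effective_bind_scope SPEC GATEWAYPORTS -> where sshd really listens,
# given the remote sshd_config GatewayPorts value:
#   no              force loopback (the default)
#   yes             force the wildcard address
#   clientspecified honour the address the client requested
effective_bind_scope() {
    requested=$(requested_bind_scope "$1") || return 1
    case $2 in
        no)              echo loopback ;;
        yes)             echo all-interfaces ;;
        clientspecified) echo "$requested" ;;
        *)               echo invalid; return 1 ;;
    esac
}

# Walk through the thread's scenario: desktop behind an outbound-only NAT,
# colo box on the Internet.  The tunnel itself always comes up; what
# changes is who can reach the forwarded port on the colo box.
demo() {
    for gp in no yes clientspecified; do
        printf 'GatewayPorts %-15s -R 8022:localhost:22         -> %s\n' "$gp" \
            "$(effective_bind_scope 8022:localhost:22 "$gp")"
        printf 'GatewayPorts %-15s -R 0.0.0.0:8022:localhost:22 -> %s\n' "$gp" \
            "$(effective_bind_scope 0.0.0.0:8022:localhost:22 "$gp")"
    done
}
demo
```

With the default `GatewayPorts no`, every `-R` listener ends up on loopback, which is what makes a connection to the colo box's public address from elsewhere appear to stall; connecting from the colo box itself (`ssh -p 8022 localhost`) works, as J C describes. From the colo box administrator's side, leaving `GatewayPorts no` (and restricting forwarding with `AllowTcpForwarding` where it is not needed) keeps reverse tunnels from quietly opening inbound paths through a firewall that only permits outbound connections.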