On Monday 18 February 2008, Etaoin Shrdlu wrote:
> On Monday 18 February 2008, Mick wrote:
> > Hi All,
> >
> > I think that I have confused myself with this. I am behind a
> > firewall/http proxy which seems to only allow outbound connections on
> > ports 80 & 443 for web browsing. This is not enough for me, as I
> > would like to use my mail client to send and receive mail from behind
> > the firewall.
> >
> > I tried connecting to ssh servers which listen on different ports,
> > besides tcp/22 and I was not successful. This is probably an
> > indication that the internet gateway machine only accepts connections
> > for packets that have a destination to ports 80 & 443.
> >
> > If the above is correct, am I right to assume that to be able to run a
> > tunnel through this internet gateway I should run something like:
> >
> > ssh -L 2222:localhost:443 me@remote_sshd.com
>
> This command still tries to contact the remote host on port 22, and is
> blocked by the firewall.

Oops! Yes, the primary ssh connection will take place to port 22 on the
server, unless this is specified separately as you show below.

> IIUC to exit the local firewall you should have the remote sshd listening
> on port 443 or 80.
>
> ssh -p 443 me@remote_sshd.com
>
> Of course, the remote /etc/ssh/sshd_config must have "Port 443" (or 80).
> If this works and you are able to actually connect to the remote ssh, you
> can add local or remote port forwarding to this basic command.
>
> So, as an example for email, you can do something:
>
> ssh -p 443 -L 2222:smtpserver:25 me@remote_sshd.com
>
> and configure your mail client to send to localhost, port 2222.
> Another alternative (depending upon how many ports you need to forward)
> could be to use SOCKS.

With option -D on the server. Hmm, need to explain that the ssh server is NOT
the mail server (and last time I looked gmail did not accept ssh connections
to their mail servers!), but a router I run at home. The idea is that I will
set up corresponding forwarding rules on the router. Is that sound?

PS. Unless I missed it Kmail does not have settings for SOCKS.

Thank you for your help. :)
--
Regards,
Mick
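
Added example, not part of the original thread: moving sshd to port 443 gets past the gateway only if the gateway checks the destination port and nothing else, because SSH and TLS open a connection with different bytes. The Python below shows that content check from the gateway operator's side; the function names are hypothetical and the addresses and payloads are constructed samples.

```python
# Added example: constructed sample data, hypothetical function names.
# Classify the first bytes of a TCP flow and flag flows whose payload does
# not match what the destination port normally carries.

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ", b"HTTP/")
EXPECTED = {80: "http", 443: "tls"}  # what a web-only egress policy intends


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http', 'ssh' or 'unknown' for the opening bytes of a flow."""
    # TLS record header: content type 0x16 (handshake), then version 0x03 0x00-0x04.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    if data.startswith(HTTP_STARTS):
        return "http"
    # RFC 4253 section 4.2: each side sends "SSH-protoversion-softwareversion".
    # A server may send other text lines first, so look at the first few lines.
    for line in data.split(b"\n")[:5]:
        if line.startswith(b"SSH-"):
            return "ssh"
    return "unknown"


def unexpected_flows(flows):
    """Return (dst, port, seen) for flows that do not carry the port's usual protocol."""
    hits = []
    for dst, port, first_bytes in flows:
        seen = classify_first_bytes(first_bytes)
        if port in EXPECTED and seen != EXPECTED[port]:
            hits.append((dst, port, seen))
    return hits


# Constructed flows: (destination, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, bytes.fromhex("1603010200010001fc0303")),
    ("192.0.2.10", 80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("198.51.100.7", 443, b"SSH-2.0-OpenSSH_4.7\r\n"),
]

if __name__ == "__main__":
    for dst, port, seen in unexpected_flows(SAMPLE_FLOWS):
        print(f"{dst}:{port} carries {seen}, expected {EXPECTED[port]}")
```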