Re: OpenSSH dynamic port forwarding

gnomee wrote:
Hi guys,
I have this problem. At work I am behind firewall but there is a
server that's outside out trusted network. Thing is, that I cannot
connect to this server (called "server2") directly, I have to do it
through another server (called "server1"). I managed to set static
port forwarding for IRC for example.

ssh -f -L 5551:localhost:5551 user@server1 ssh -f -L
5551:localhost:5551 user@server2 ssh -f -N -L
5551:efnet.demon.co.uk:6667 user@localhost

Then if I connect to localhost:5551 in my IRC client, it is forwarded
to efnet.demon.co.uk:6667. This works just fine. Problem is how to set
connection for FTP or BitTorrent, which use more than one port. Is
possible to set Dynamic Port Forwarding (ssh -D port ...) same way as
this static port forwarding? Through two servers?

I'd really appreciate some tips.

Thanks a lot.

Peter

Talk to your local IT staff about opening up a hole for you for FTP or
Bittorrent. Seriously, if this is their security policy, I'm reluctant to
help you start poking holes in it, and you should be cautious about doing it
let you demonstrate that you're so sharp, you're cutting yourself. They may
have actually have real policies for being this uptight: I've previously
been asked to set up a site's firewalls in such a way to prevent outgoing
FTP to avoid people exporting private internal documents, or using work's
wonderful bandwidth for loading up their MP3 libraries, and if I had opened
up an external SSH port for you in such a situation and noticed from the
bandwidth logs that you were channeling in big amounts of data, I'd be upset
with you.

I've not tried to do exactly what you're asking to do, so I'm not sure it
will work well. But why not do the downloads to the external machine, then
grab them with scp or sftp or rsync when the transfer is complete?


.

Relevant Pages

  • Re: Being hacked...
    ... Are you offering a webserver and ftp server to users on the internet as per having ... FTP and HTTP open? ... For internet attacks what I would look for is patterns in the firewall ... I am not an expert on IIS by any means but I do know if you are using FTP and IIS you ...
    (microsoft.public.win2000.security)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... Port) in the Exceptions tab and uncheck the pre-defined FTP Server in the ... list and exception is allowed (of coz tight to the scope of your exception ... I decided to try adding a port 21 in the firewall exception list just to ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... I only enabled the FTP Server service in advance settings. ... just the 'network connection setting' in the firewall advanced tab or you ... Windows Firewall behavior? ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Can Somone Tell Me If We Have a Hacker?
    ... your firewall to never see that stuff again. ... Those types of attacks DO work. ... beginners out there do that stuff thinking no one will find their FTP site. ... FTP server" which is probably not an option. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Opening A Specific IP Address
    ... place from the server ... You can run a Port Scanning tool to see what ports you are using.. ... Weird Because I Can FTP out? ... When I disable the SBS firewall I can connect ...
    (microsoft.public.windows.server.sbs)