
jaqkar

macrumors newbie
Original poster
Aug 30, 2011
1
0
Hi

I am at location a and cannot ssh from here because of firewall restrictions. I can however ftp, and set up a machine outside this network, location b, to forward port 21 to 22. I can ssh into this machine no problem. The thing is, when I am on this machine in location b it does not want to ping, ssh or anything into anything else or any other machine. When I am sitting in front of the machine it works fine, but somehow ssh is not allowing any traffic to go out. I can ping the router the machine at location b is connected to but not anything outside like http://www.google.com etc.

Any suggestions guys?
 

aarond12

macrumors 65816
May 20, 2002
1,148
108
Dallas, TX USA
I'm sorry, but your description of the problem is difficult to follow.

If SSH and FTP are being blocked by firewalls, use port mapping to get around it. For example, if SSH (port 22) is being blocked, use port 2222 instead. Then use port mapping on your router to convert 2222 back to 22.

It might work better if you break up all the problems you're having into separate questions.
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
Are you trying to remote in with SSH? If so, that's not a good idea at all; that is what VPN is for. If this is internal, someone should talk to your network admins, because port 22 is a very widely used port for things like SFTP and forensics.
 

jtara

macrumors 68020
Mar 23, 2009
2,008
536
SSH and VPN are both "for" "remoting in". They are just two different ways of doing essentially the same thing.

Sounds like the OP discovered that his outbound firewall blocks port 22, but not port 21. So he set up ssh tunneling on port 22 of his host to (SSH) tunnel to port 21 on the same box. Or something like that. As others have said, the description is hard to follow. My best guess as to what he has done.

Rather naive firewall installation, don't you think? It doesn't care what protocol is being used, just what ports are open. This is essentially no firewall. But pretty much any outbound firewall is essentially no firewall, given the nearly universal need for unfettered access to HTTP on port 80. Anything can be transported over HTTP, one way or another...

Rather than doing an SSH tunnel just do port-forwarding on the host's router. And pick some port other than 21, sheesh!

SSH tunneling (can) forward ALL traffic from a host through a gateway at the other end of the tunnel. Apparently, this is what he has done. Or something. This would explain why system B can't get to the outside world while the tunnel is connected. He's default-routing to the tunnel. From the wrong end.

Or something like that.
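
The point above, that a port-only firewall never looks at the protocol, has a monitoring-side counterpart: compare the first bytes a server sends with what the port is supposed to carry, which exposes SSH answering on port 21 or 2222. This is an added example, not code from any poster in the thread; the port table, function names and sample banners are assumptions constructed for illustration.

```python
import re

# RFC 4253 section 4.2: the server opens with "SSH-<protoversion>-<software>".
SSH_ID = re.compile(rb"^SSH-\d+\.\d+-\S+")
# FTP and SMTP servers open with a three-digit reply code (e.g. "220 ").
NUMERIC_REPLY = re.compile(rb"^\d{3}[ -]")

# Assumed policy table: what the first server bytes should look like per port.
EXPECTED = {21: "numeric-reply", 22: "ssh", 25: "numeric-reply"}


def classify_banner(data: bytes) -> str:
    """Classify the first bytes a server sent after the TCP handshake."""
    # RFC 4253 lets a server send other lines before its SSH-... line,
    # so check every line of the greeting, not only the first.
    lines = data.splitlines()
    if any(SSH_ID.match(line) for line in lines):
        return "ssh"
    if lines and NUMERIC_REPLY.match(lines[0]):
        return "numeric-reply"
    return "unknown"


def find_mismatches(flows):
    """Return (port, observed, expected) for flows whose banner does not
    match the port; SSH on any port other than 22 is always reported."""
    findings = []
    for port, banner in flows:
        observed = classify_banner(banner)
        expected = EXPECTED.get(port)
        if observed == "ssh" and port != 22:
            findings.append((port, observed, expected or "not ssh"))
        elif expected and observed != expected:
            findings.append((port, observed, expected))
    return findings


# Constructed sample flows: (destination port, first server bytes).
SAMPLE_FLOWS = [
    (21, b"220 FTP server ready.\r\n"),
    (21, b"SSH-2.0-OpenSSH_5.8\r\n"),
    (2222, b"Welcome\r\nSSH-2.0-OpenSSH_5.8\r\n"),
    (22, b"SSH-2.0-OpenSSH_5.8\r\n"),
]

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_FLOWS):
        print("port %d: saw %s, expected %s" % finding)
```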
 