Complicated routing/SSH-FTP tunneling problem

Daniela dgw at liwest.at
Mon Jun 2 15:32:41 PDT 2003


On Monday 02 June 2003 21:00, Lowell Gilbert wrote:
> Daniela <dgw at liwest.at> writes:
> > On Sunday 01 June 2003 23:51, Lowell Gilbert wrote:
> > > Daniela <dgw at liwest.at> writes:
> > > > I have the following problem:
> > > >
> > > > I'm running a FreeBSD SSH server.
> > > > Some clients can't connect to it. They are on a local network,
> > > > connected to the internet through another server. This second server
> > > > used to allow SSH login, and users could then connect to my server
> > > > from the second server.
> > > >
> > > > On the second server, SSH login isn't allowed any more. It won't
> > > > route any requests to the outside, except for mail. The FTP port is
> > > > open, however. I heard it is possible to create a tunnel over FTP, so
> > > > the clients could still get to my server.
> > > >
> > > > How could we do this (if it is possible)? Are there other ways?
> > >
> > > You need some kind of cooperation from the other server.
> > > It sounds like you're trying to get around security precautions of the
> > > other server, but if that's not the case, you ought to work this out
> > > with the administrator of the other server.
> >
> > This is not possible, the admin won't let them out.
> > This is because of high loads on the network. He doesn't care if only a
> > few people connect out.
> >
> > > You can't create an IP tunnel over an FTP server; at least, not using
> > > any FTP server software I know well...
> >
> > The clients run Linux. Isn't it possible to get around this by routing
> > their requests? They would only need to set the default gateway.
>
> I may be misunderstanding you here, but I think that you're trying to
> make an ssh connection into a system that isn't running sshd at all.

Both servers are running sshd. The other one allows only root login, however.

> That won't work, obviously.  You *can* run sshd on the ftp port if you
> want, but you still have to run it.

That would be the solution. They can go out on the FTP port. I could just 
redirect port 21 to 22 with NAT, and move my FTP server to, say, port 2100.

Thanks for your help.

Daniela
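
Added example, not part of the original message: the thread ends with sshd being reached on the FTP port, which shows that a filter keyed only on port numbers does not establish which protocol is in use. The Python sketch below flags connections whose server opening bytes are an SSH identification string on a port expected to carry FTP; the record layout, the `EXPECTED` map and the sample flows are constructed assumptions.

```python
import re

# RFC 4253 4.2: the server identifies itself with a line "SSH-<proto>-<software>".
# It may send other lines first, so every line of the captured bytes is checked.
SSH_ID = re.compile(rb"SSH-(?:1\.\d+|2\.0)-[\x21-\x7e]+")
# RFC 959: an FTP server greets with a three-digit reply code (220 when ready).
FTP_REPLY = re.compile(rb"(?:120|220|421)[ -]")

# Assumption: the protocol the egress policy expects on each allowed port.
EXPECTED = {21: "ftp"}


def identify(first_bytes: bytes) -> str:
    """Classify a server's opening bytes as 'ssh', 'ftp' or 'unknown'."""
    lines = first_bytes.split(b"\n")
    if any(SSH_ID.match(line) for line in lines):
        return "ssh"
    if FTP_REPLY.match(lines[0]):
        return "ftp"
    return "unknown"


def port_protocol_mismatches(flows, expected=EXPECTED):
    """Return flows whose recognised banner is not what the port implies."""
    hits = []
    for flow in flows:
        want = expected.get(flow["dport"])
        seen = identify(flow["server_bytes"])
        # Unrecognised banners are skipped here; only clear mismatches are reported.
        if want is not None and seen != "unknown" and seen != want:
            hits.append({**flow, "expected": want, "seen": seen})
    return hits


# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dport": 21,
     "server_bytes": b"220 ftp.example.org FTP server ready.\r\n"},
    {"src": "192.0.2.11", "dst": "203.0.113.7", "dport": 21,
     "server_bytes": b"SSH-2.0-OpenSSH_3.6.1p1\r\n"},
    {"src": "192.0.2.12", "dst": "203.0.113.7", "dport": 21,
     "server_bytes": b"maintenance notice\r\nSSH-1.99-OpenSSH_3.5\r\n"},
]

if __name__ == "__main__":
    for hit in port_protocol_mismatches(SAMPLE_FLOWS):
        print(f'{hit["src"]} -> {hit["dst"]}:{hit["dport"]} '
              f'expected {hit["expected"]}, saw {hit["seen"]}')
```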




More information about the freebsd-questions mailing list