sshd and port forwarding behind a firewall


Subject: sshd and port forwarding behind a firewall
From: Matthew S. Krawitz (matthewk@ashai.net)
Date: Sat Jan 12 2002 - 12:28:03 MST


Hi all:

I'm having an issue with YDL 2.0 (2.1 wouldn't install on my cube w/
DVD-ROM).

Specifically, I am having trouble with sshd (version OpenSSH_2.9p2).

I like to tunnel unencrypted traffic using ssh from my office, and when
dialed into public ISPs. An example of the command I use is:

        ssh -L 143:myhost.domain.name:143 myhost.domain.name

This gives me a shell, and tunnels localhost:143 to
myhost.domain.name:143 across the encrypted tunnel (I know this is
SSH101 stuff, but I thought I should be clear).

Here's the issue...

My network is set up behind a firewall and I am port-forwarding ssh to
my YDL machine. It looks kinda like this:

        INTERNET --> CABLE MODEM --> Netgear FR314 Firewall/Router --> MY LOCAL INTRANET

My FR314 responds to an IP address, and if the request to that IP
address is to a specific port (in this case 22), it forwards the packet
to an internal host (in this case a YDL box). This works like a champ
for shell access, but I can't seem to get a tunnel going properly.

To be 100% clear: I CAN get a port tunnel if I initiate the connection
from INSIDE my Intranet.

It probably should be said that my Intranet does not use the same IP
addressing as the INTERNET, and is on one of the "private address space"
blocks.

I've gone into sshd.conf and enabled X11 forwarding... but beyond that,
I don't see what else I can do.

I'm sure that the client ssh machine creates its side of the tunnel (I
can telnet to the local port... I just don't get anything from the host
side).

Any ideas? Any SSH gurus out there?

  - matthewk (MSK2)


