Your browser does not seem to support CSS. If images appear below, please disregard them.
toggle
February
S M T W T F S
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29
Sponsored Links
Latest Postings
Topic Options
Rate This Topic
#4468 - 12/29/03 01:54 AM Reverse Access Through SSH Tunnel
Joined: Dec 2003
Posts: 2
disinformation Offline
Junior Member
disinformation Offline
Junior Member

Joined: Dec 2003
Posts: 2
UK
Hi All,

I have two networks set up over a cisco 2600 router, 10.0.0.0/24 on e0 and 192.168.0.0/24 on e1.

Basically i have a server running on 10.0.0.2 with a firewalled gateway at 10.0.0.5 and the 192.168.0.0 network is fully unfirewalled.

I have and sshd running at 192.168.0.2 and can connect to it from 10.0.0.2 and ssh is the only outbound port that ive opened.

I have and FTPd running on 10.0.0.2 and would like to connect to it from the 192.168.0 subnet.

Is it possible to establish an ssh session between 10.0.0.2 and 192.168.0.2 then use that tunnel to reverse forward ftp. So for example from 192.168.0.2 localhost:42 would go BACKWARDS through the tunnel and forward to the 10.0.0.x server.

Im new to this group so sorry for the newb question, ive search google loads but to no avail.

Thanks


you SUCK!!
Top
Sponsored Links
#4469 - 12/29/03 04:22 AM Re: Reverse Access Through SSH Tunnel
Joined: Dec 2003
Posts: 17
AnthonyVSD Offline
Junior Member
AnthonyVSD Offline
Junior Member

Joined: Dec 2003
Posts: 17
BC, Canada
Backtunneling through a SSH connection defeats the purpose of having SSH, I highly doubt you'd ever find a reliable way of accomplishing that. Your best bet would be to use some type of VPN session, though the way you have your servers setup has me slightly confused.


Anthony Gorecki
"Freedom through knowledge."
Top
#4470 - 12/29/03 06:28 AM Re: Reverse Access Through SSH Tunnel
Joined: Mar 2002
Posts: 1,041
Infinite Offline
UGN Elite Poster
Infinite Offline
UGN Elite Poster

Joined: Mar 2002
Posts: 1,041
Canada eh
Yeh, this seems overly complicated. Why not just add an access list to allow ftp only? I'm a little hazy on your setup, but something like:

(config)# access-list 101 permit tcp 192.168.0.0 0.0.255.255 10.0.0.0 0 0.255.255.255 eq 21

should do it. Naturally you'd have to modify it to suit your exact purposes, and then actually apply it to an interface; I would guess you'd use e0 like so:

(config-if)# access-group 101 out

Hope this helps.

Infinite

Top
#4471 - 12/30/03 05:29 AM Re: Reverse Access Through SSH Tunnel
Joined: Dec 2003
Posts: 2
disinformation Offline
Junior Member
disinformation Offline
Junior Member

Joined: Dec 2003
Posts: 2
UK
Sorry i should have been a little more clear on my intentions

The networks are set up, running with acls in place working fine, i can communicate between the networks how i please.

The point is ssh must remain open as my users need it.

My problem is, because of the nature of work the profiles on the NT 5.1 systems cannot be locked down at all.

The reason i am questioning the possibilty of such back tunneling is because in theory if it was possible, any one of my users could

# install a service

# run a ssh connection to an external networks sshd, such as a
home pc

#use back tunneling to connect to that service

for example with vnc, you can send vnc connect requests to a listening server on port 5500, this port is of course blocked on the gateway but could be tunneled straight through using ssh.

I realise vnc connect doesnt use a reverse tunneling method but it did get me thinking of the possibilitys :p

Sorry for the confusion


you SUCK!!
Top

Member Spotlight
Gremelin

Gremelin
Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums46
Topics43,932
Posts79,106
Members2,157
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 37,095
Gremelin 7,194
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit, boa
2157 Registered Users
Who's Online Now
0 registered members (), 2 guests and 0 spiders.
Latest News