Reverse Access Through SSH Tunnel
#4468 12/28/03 06:54 PM
Joined: Dec 2003
Posts: 2
D
Junior Member
OP Offline
Hi All,

I have two networks set up over a Cisco 2600 router, 10.0.0.0/24 on e0 and 192.168.0.0/24 on e1.

Basically I have a server running on 10.0.0.2 with a firewalled gateway at 10.0.0.5, and the 192.168.0.0 network is fully unfirewalled.

I have an sshd running at 192.168.0.2 and can connect to it from 10.0.0.2, and ssh is the only outbound port that I've opened.

I have an FTPd running on 10.0.0.2 and would like to connect to it from the 192.168.0 subnet.

Is it possible to establish an ssh session between 10.0.0.2 and 192.168.0.2, then use that tunnel to reverse forward ftp? So for example from 192.168.0.2 localhost:42 would go BACKWARDS through the tunnel and forward to the 10.0.0.x server.

I'm new to this group so sorry for the newb question, I've searched Google loads but to no avail.

Thanks


you SUCK!!
Re: Reverse Access Through SSH Tunnel
#4469 12/28/03 09:22 PM
Joined: Dec 2003
Posts: 17
Junior Member
Offline
Backtunneling through an SSH connection defeats the purpose of having SSH, I highly doubt you'd ever find a reliable way of accomplishing that. Your best bet would be to use some type of VPN session, though the way you have your servers set up has me slightly confused.

Re: Reverse Access Through SSH Tunnel
#4470 12/28/03 11:28 PM
Joined: Mar 2002
Posts: 1,041
I
UGN Elite Poster
Offline
Yeh, this seems overly complicated. Why not just add an access list to allow ftp only? I'm a little hazy on your setup, but something like:

(config)# access-list 101 permit tcp 192.168.0.0 0.0.255.255 10.0.0.0 0.255.255.255 eq 21

should do it. Naturally you'd have to modify it to suit your exact purposes, and then actually apply it to an interface; I would guess you'd use e0 like so:

(config-if)# ip access-group 101 out

Hope this helps.

Infinite

Re: Reverse Access Through SSH Tunnel
#4471 12/29/03 10:29 PM
Joined: Dec 2003
Posts: 2
D
Junior Member
OP Offline
Sorry, I should have been a little more clear on my intentions :)

The networks are set up, running with ACLs in place working fine, I can communicate between the networks how I please.

The point is ssh must remain open as my users need it.

My problem is, because of the nature of work the profiles on the NT 5.1 systems cannot be locked down at all.

The reason I am questioning the possibility of such back tunneling is because in theory if it was possible, any one of my users could

# install a service

# run an ssh connection to an external network's sshd, such as a home PC

# use back tunneling to connect to that service

For example, with VNC you can send VNC connect requests to a listening server on port 5500; this port is of course blocked on the gateway but could be tunneled straight through using ssh.

I realise VNC connect doesn't use a reverse tunneling method but it did get me thinking of the possibilities :p

Sorry for the confusion


you SUCK!!
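
Whether an SSH session can carry a reverse (remote) port forward is decided by the sshd it connects to. The Python below is an added example, not part of the original thread: it audits the global section of an sshd_config for the OpenSSH keywords that govern remote forwarding (AllowTcpForwarding, DisableForwarding, GatewayPorts, PermitListen, as documented for current OpenSSH). The function names are hypothetical and the sample configs are constructed.

```python
# Added example: audit the global section of an sshd_config for the keywords
# that decide whether a client may request a remote (reverse) port forward.
DEFAULTS = {"allowtcpforwarding": "yes", "disableforwarding": "no",
            "gatewayports": "no", "permitlisten": "any"}

def effective_global(config_text):
    """Return (settings, has_match). sshd uses the first value it reads for
    each keyword; Match blocks are conditional, so they are only flagged."""
    settings, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            has_match = True
            break  # everything after this applies only to matching sessions
        if key in DEFAULTS and len(parts) == 2:
            settings.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **settings}, has_match

def audit_reverse_forwarding(config_text):
    cfg, has_match = effective_global(config_text)
    allowed = (cfg["disableforwarding"] != "yes"
               and cfg["allowtcpforwarding"] in ("yes", "all", "remote")
               and cfg["permitlisten"] != "none")
    return {
        "remote_forward_allowed": allowed,
        # GatewayPorts no keeps the forwarded listener on the server's loopback
        "loopback_only": cfg["gatewayports"] == "no",
        "listen_restricted": cfg["permitlisten"] != "any",
        "review_match_blocks": has_match,
    }

# Constructed sample configs (not taken from the thread).
DEFAULT_LIKE = "Port 22\n#AllowTcpForwarding yes\nPermitRootLogin no\n"
HARDENED = ("AllowTcpForwarding local\nGatewayPorts no\n"
            "AllowTcpForwarding yes\nMatch Group admins\n  AllowTcpForwarding yes\n")

if __name__ == "__main__":
    for name, text in (("default-like", DEFAULT_LIKE), ("hardened", HARDENED)):
        print(name, audit_reverse_forwarding(text))
```

This covers only an sshd you administer, such as the one at 192.168.0.2; it says nothing about an external sshd that users connect out to.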
