It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by ">User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a ">Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#4468 - 12/29/03 01:54 AM Reverse Access Through SSH Tunnel  
Joined: Dec 2003
Posts: 2
disinformation Offline
Junior Member
disinformation  Offline
Junior Member

Joined: Dec 2003
Posts: 2
Hi All,

I have two networks set up over a cisco 2600 router, on e0 and on e1.

Basically i have a server running on with a firewalled gateway at and the network is fully unfirewalled.

I have and sshd running at and can connect to it from and ssh is the only outbound port that ive opened.

I have and FTPd running on and would like to connect to it from the 192.168.0 subnet.

Is it possible to establish an ssh session between and then use that tunnel to reverse forward ftp. So for example from localhost:42 would go BACKWARDS through the tunnel and forward to the 10.0.0.x server.

Im new to this group so sorry for the newb question, ive search google loads but to no avail.


you SUCK!!
Sponsored Links
#4469 - 12/29/03 04:22 AM Re: Reverse Access Through SSH Tunnel  
Joined: Dec 2003
Posts: 17
AnthonyVSD Offline
Junior Member
AnthonyVSD  Offline
Junior Member

Joined: Dec 2003
Posts: 17
BC, Canada
Backtunneling through a SSH connection defeats the purpose of having SSH, I highly doubt you'd ever find a reliable way of accomplishing that. Your best bet would be to use some type of VPN session, though the way you have your servers setup has me slightly confused.

Anthony Gorecki
"Freedom through knowledge."
#4470 - 12/29/03 06:28 AM Re: Reverse Access Through SSH Tunnel  
Joined: Mar 2002
Posts: 1,041
Infinite Offline
UGN Elite Poster
Infinite  Offline
UGN Elite Poster

Joined: Mar 2002
Posts: 1,041
Canada eh
Yeh, this seems overly complicated. Why not just add an access list to allow ftp only? I'm a little hazy on your setup, but something like:

(config)# access-list 101 permit tcp 0 eq 21

should do it. Naturally you'd have to modify it to suit your exact purposes, and then actually apply it to an interface; I would guess you'd use e0 like so:

(config-if)# access-group 101 out

Hope this helps.


#4471 - 12/30/03 05:29 AM Re: Reverse Access Through SSH Tunnel  
Joined: Dec 2003
Posts: 2
disinformation Offline
Junior Member
disinformation  Offline
Junior Member

Joined: Dec 2003
Posts: 2
Sorry i should have been a little more clear on my intentions smile

The networks are set up, running with acls in place working fine, i can communicate between the networks how i please.

The point is ssh must remain open as my users need it.

My problem is, because of the nature of work the profiles on the NT 5.1 systems cannot be locked down at all.

The reason i am questioning the possibilty of such back tunneling is because in theory if it was possible, any one of my users could

# install a service

# run a ssh connection to an external networks sshd, such as a
home pc

#use back tunneling to connect to that service

for example with vnc, you can send vnc connect requests to a listening server on port 5500, this port is of course blocked on the gateway but could be tunneled straight through using ssh.

I realise vnc connect doesnt use a reverse tunneling method but it did get me thinking of the possibilitys :p

Sorry for the confusion

you SUCK!!

Member Spotlight
SC, usa
Posts: 508
Joined: March 2002
Show All Member Profiles 
Forum Statistics
Average Daily Posts1
Most Online1,567
Apr 25th, 2010
Latest Postings
by Crime on 08/10/18 09:58 PM
my old account still exists!
by Crime on 08/10/18 09:47 PM
Okay WTF?
by HenryMiring on 09/27/17 08:45 AM
Top Posters(All Time)
UGN Security 41,392
Gremelin 7,202
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 3
Black Beard Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
fleshwound Likes: 1
Ghost Likes: 2
Gremelin Likes: 12
Ice Likes: 1
ninjaneo Likes: 1
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20170206)