UGN Security
Posted By: disinformation Reverse Access Through SSH Tunnel - 12/29/03 01:54 AM
Hi All,

I have two networks set up over a cisco 2600 router, 10.0.0.0/24 on e0 and 192.168.0.0/24 on e1.

Basically i have a server running on 10.0.0.2 with a firewalled gateway at 10.0.0.5 and the 192.168.0.0 network is fully unfirewalled.

I have and sshd running at 192.168.0.2 and can connect to it from 10.0.0.2 and ssh is the only outbound port that ive opened.

I have and FTPd running on 10.0.0.2 and would like to connect to it from the 192.168.0 subnet.

Is it possible to establish an ssh session between 10.0.0.2 and 192.168.0.2 then use that tunnel to reverse forward ftp. So for example from 192.168.0.2 localhost:42 would go BACKWARDS through the tunnel and forward to the 10.0.0.x server.

Im new to this group so sorry for the newb question, ive search google loads but to no avail.

Thanks
Posted By: AnthonyVSD Re: Reverse Access Through SSH Tunnel - 12/29/03 04:22 AM
Backtunneling through a SSH connection defeats the purpose of having SSH, I highly doubt you'd ever find a reliable way of accomplishing that. Your best bet would be to use some type of VPN session, though the way you have your servers setup has me slightly confused.
Posted By: Infinite Re: Reverse Access Through SSH Tunnel - 12/29/03 06:28 AM
Yeh, this seems overly complicated. Why not just add an access list to allow ftp only? I'm a little hazy on your setup, but something like:

(config)# access-list 101 permit tcp 192.168.0.0 0.0.255.255 10.0.0.0 0 0.255.255.255 eq 21

should do it. Naturally you'd have to modify it to suit your exact purposes, and then actually apply it to an interface; I would guess you'd use e0 like so:

(config-if)# access-group 101 out

Hope this helps.

Infinite
Posted By: disinformation Re: Reverse Access Through SSH Tunnel - 12/30/03 05:29 AM
Sorry i should have been a little more clear on my intentions smile

The networks are set up, running with acls in place working fine, i can communicate between the networks how i please.

The point is ssh must remain open as my users need it.

My problem is, because of the nature of work the profiles on the NT 5.1 systems cannot be locked down at all.

The reason i am questioning the possibilty of such back tunneling is because in theory if it was possible, any one of my users could

# install a service

# run a ssh connection to an external networks sshd, such as a
home pc

#use back tunneling to connect to that service

for example with vnc, you can send vnc connect requests to a listening server on port 5500, this port is of course blocked on the gateway but could be tunneled straight through using ssh.

I realise vnc connect doesnt use a reverse tunneling method but it did get me thinking of the possibilitys :p

Sorry for the confusion
© UGN Security Forum