[Courses] [Security] Port forwarding with SSH and ipchains/iptables
jennyw
jennyw at dangerousideas.com
Thu Mar 21 12:54:12 EST 2002

I'd prefer doing it on Linux, partly because SSH has run on there longer,
and partly because I'd rather not do firewall port forwarding on top of SSH
port forwarding. I think if I use SSH port forwarding on the firewall, I
don't need to do anything with the firewall config except to allow ssh
connections, then set up SSH port forwarding. Unfortunately, I did a simple
test to see if port-forwarding would work and got stumped early on.

I have a Linux box (192.168.1.3) and two Windows boxes on my test network.
One of the Windows boxes is my test anti-virus server running IIS
(192.168.1.108). The other Windows box is just used as a Web client
(192.168.1.100). On the Linux box, I ran this command:

    su -c "ssh -L 80:192.168.1.108:80 192.168.1.3 -l jen"

After typing the root password and my password to log in to the Linux box
(this seems kind of weird -- isn't there a way to forward ports without
getting a shell?), I noticed that if I try to access http://192.168.1.3, the
connection is refused in Netscape on the Linux box. However, when I go to
http://127.0.0.1 in Netscape, the page loads. The Windows client also is
refused a connection when trying to connect to the Linux box
(http://192.168.1.3).

Does this mean that port forwarding only works for the local machine? If so,
then the whole scheme to use SSH as a VPN substitute probably isn't going to
fly. If someone with more SSH experience could offer some advice, that'd be
really appreciated!

Thanks!

Jen

P.S. PuTTY, TTSSH, and OpenSSH on Cygwin are all free. For my purposes,
there are two big problems with all but OpenSSH: 1) Command-line support;
and 2) Lack of a server component. I just installed OpenSSH and it seems to
work okay as a server, but I have no idea how stable it is. I'm also not
sure that I really want an SSH server running on a Windows box. For what
it's worth, I prefer the PuTTY client to TTSSH and OpenSSH.

----- Original Message -----
From: "Erin Mulder" <meara99 at yahoo.com>
To: <courses at linuxchix.org>
Sent: Wednesday, March 20, 2002 9:17 PM
Subject: Re: [Courses] [Security] Port forwarding with SSH and ipchains/iptables

> > > Yes, the workstations cannot have ssh installed on them. They're Windows
> > > boxes. I guess it's possible to install SSH on them, but non-commercial
> > > implementations seem to be in some pre-release stage right now.
>
> From Windows, I'm a fan of SecureCRT. It's not free, but
> I got it bundled with SecureFX (a secure ftp client) for $99 and
> haven't regretted the purchase. Among other things, it makes
> port forwarding very easy.
>
> Erin
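
The behaviour reported in the message above (the forwarded port answers on 127.0.0.1 but refuses connections addressed to 192.168.1.3) follows from where ssh binds a `-L` listener. The sketch below is an added example, not part of the original thread: it reads an ssh command line and reports the listen address of each local forward according to the rules in the current OpenSSH ssh(1) manual. The function name `local_forwards` is hypothetical, and the parser assumes IPv4 addresses or hostnames only (no bracketed IPv6, no Unix-socket forwards).

```python
import shlex

def local_forwards(cmdline, gateway_ports=False):
    """Describe every -L forward in an ssh command line.

    gateway_ports mirrors the client GatewayPorts option (default "no").
    Rules taken from ssh(1): no bind address -> loopback unless -g or
    GatewayPorts is set; empty or "*" -> all interfaces; "localhost" ->
    loopback; any other value is used as the bind address.
    """
    argv = shlex.split(cmdline)
    specs, i = [], 0
    while i < len(argv):
        arg = argv[i]
        if arg == "-g":                          # let remote hosts use local forwards
            gateway_ports = True
        elif arg == "-L" and i + 1 < len(argv):  # "-L spec"
            i += 1
            specs.append(argv[i])
        elif arg.startswith("-L") and len(arg) > 2:  # "-Lspec"
            specs.append(arg[2:])
        i += 1

    report = []
    for spec in specs:
        parts = spec.split(":")                  # [bind_address:]port:host:hostport
        if len(parts) == 4:
            bind = parts.pop(0)
        elif len(parts) == 3:
            bind = None
        else:
            raise ValueError("unsupported -L spec: " + spec)
        port, host, hostport = parts
        if bind is None:
            listen = "*" if gateway_ports else "127.0.0.1"
        elif bind in ("", "*"):
            listen = "*"
        elif bind == "localhost":
            listen = "127.0.0.1"
        else:
            listen = bind
        report.append({
            "listen": listen,
            "port": int(port),
            "target": host + ":" + hostport,
            "exposed": listen != "127.0.0.1",    # reachable from other hosts?
            "needs_root": int(port) < 1024,      # privileged port on the client
        })
    return report

if __name__ == "__main__":
    # The command from the post: loopback only, so LAN clients are refused.
    print(local_forwards("ssh -L 80:192.168.1.108:80 192.168.1.3 -l jen"))
```

Adding `-N` to the ssh command sets up the forward without running a remote command. A listener reported as exposed accepts connections from any host that can reach that address, so it needs the same firewall rules as any other open port.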