Date:      Tue, 3 Jun 2003 00:35:27 +0000
From:      Daniela <dgw@liwest.at>
To:        Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>
Cc:        questions@freebsd.org
Subject:   Re: Complicated routing/SSH-FTP tunneling problem
Message-ID:  <200306030035.27200.dgw@liwest.at>
In-Reply-To: <44wug419gd.fsf@be-well.ilk.org>
References:  <200305310030.58636.dgw@liwest.at> <200306020634.04321.dgw@liwest.at> <44wug419gd.fsf@be-well.ilk.org>

On Monday 02 June 2003 21:00, Lowell Gilbert wrote:
> Daniela <dgw@liwest.at> writes:
> > On Sunday 01 June 2003 23:51, Lowell Gilbert wrote:
> > > Daniela <dgw@liwest.at> writes:
> > > > I have the following problem:
> > > >
> > > > I'm running a FreeBSD SSH server.
> > > > Some clients can't connect to it. They are on a local network,
> > > > connected to the internet through another server. This second server
> > > > used to allow SSH login, and users could then connect to my server
> > > > from the second server.
> > > >
> > > > On the second server, SSH login isn't allowed any more. It won't
> > > > route any requests to the outside, except for mail. The FTP port is
> > > > open, however. I heard it is possible to create a tunnel over FTP, so
> > > > the clients could still get to my server.
> > > >
> > > > How could we do this (if it is possible)? Are there other ways?
> > >
> > > You need some kind of cooperation from the other server.
> > > It sounds like you're trying to get around security precautions of the
> > > other server, but if that's not the case, you ought to work this out
> > > with the administrator of the other server.
> >
> > This is not possible, the admin won't let them out.
> > This is because of high loads on the network. He doesn't care if only a
> > few people connect out.
> >
> > > You can't create an IP tunnel over an FTP server; at least, not using
> > > any FTP server software I know well...
> >
> > The clients run Linux. Isn't it possible to get around this by routing
> > their requests? They would only need to set the default gateway.
>
> I may be misunderstanding you here, but I think that you're trying to
> make an ssh connection into a system that isn't running sshd at all.

Both servers are running sshd. The other one allows only root login, however.

> That won't work, obviously.  You *can* run sshd on the ftp port if you
> want, but you still have to run it.

That would be the solution. They can go out on the FTP port. I could just 
redirect port 21 to 22 with NAT, and move my FTP server to, say, port 2100.

Thanks for your help.

Daniela
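
An sshd answering on the FTP port, as discussed in this thread, is still recognisable by its greeting: an SSH server opens with an `SSH-` identification string, while an FTP server opens with a three-digit reply such as `220`. The following check is an added example, not part of the original message; it flags services whose greeting does not match their port. The port map, hosts and banners are constructed for illustration.

```python
import re

# Assumed mapping of well-known ports to the greeting family expected there.
EXPECTED = {21: "reply-code", 25: "reply-code", 22: "ssh"}

SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")  # identification string, RFC 4253 sec. 4.2
REPLY = re.compile(rb"^(\d{3})([ -])")                   # FTP/SMTP style reply line


def classify_banner(data: bytes) -> str:
    """Return 'ssh', 'reply-code' or 'unknown' for the first bytes a server sent."""
    for line in data.split(b"\n"):
        line = line.rstrip(b"\r")
        if SSH_ID.match(line):
            return "ssh"
        if REPLY.match(line):
            return "reply-code"
        # An SSH server may send other lines before its version string, so keep scanning.
    return "unknown"


def find_mismatches(observations):
    """observations: iterable of (host, port, banner). Returns (host, port, expected, seen) tuples."""
    findings = []
    for host, port, banner in observations:
        expected = EXPECTED.get(port)
        seen = classify_banner(banner)
        # An empty or unrecognised banner is not evidence of a mismatch (it may be a timeout).
        if expected and seen != "unknown" and seen != expected:
            findings.append((host, port, expected, seen))
    return findings


# Constructed sample: banners as a scanner or flow sensor might record them.
SAMPLE = [
    ("192.0.2.10", 21, b"220 ftp.example.org FTP server ready.\r\n"),
    ("192.0.2.20", 21, b"SSH-2.0-OpenSSH_3.6.1p1\r\n"),
    ("192.0.2.20", 2100, b"220-Welcome\r\n220 FTP server ready.\r\n"),
    ("192.0.2.30", 22, b"Authorized use only\r\nSSH-2.0-OpenSSH_3.6.1p1\r\n"),
    ("192.0.2.40", 22, b""),
]

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE):
        print("port/protocol mismatch: %s:%d expected %s, saw %s" % finding)
```

A port-based egress filter does not make this distinction, which is why the check looks at the greeting rather than the port number.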



