Linux-Noob Forums
NAT and Linux - Printable Version

+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Noob (https://www.linux-noob.com/forums/forum-3.html)
+--- Forum: Network Problems (https://www.linux-noob.com/forums/forum-58.html)
+--- Thread: NAT and Linux (/thread-3925.html)



NAT and Linux - kZo - 2003-12-17


I'm currently running SSH on one of my Nix boxes at work. SSH works perfectly inhouse. However for whatever reason I cannot hit the external IP and have it connect.

 

I guess my question is,

 

If I have a firewall in place, and it's pointing to port 22, to my email server, why would I not be able to connect via SSH.

 

Ipchains/Iptables is not started.

Host.deny Host.allow are not there.

 

So, what else could block my ip from connecting? Is there a setting within the SSH config?




NAT and Linux - kZo - 2003-12-17


Hehehe...

 

Patience isn't a virtue I have I guess. They said the new firewall would be in place by this morning. That would explain

 

1. No ping

2. No http

3. No ssh

4. No love

 

;)




NAT and Linux - grep420 - 2004-01-02


Do you have a jump box you can ssh to on the public net? Here is a little trick I do at work because of our nazi firewall. We arent supposed to be able to get into the work network from home.

 

I setup a reverse ssh tunnel to my jumpbox on the public internet. This will listen on port 8888 and also fork the process into the background and release the shell:

 

[jsw34@paradox jsw34]$ ssh -l grep420 -f -R 8888:localhost:22 grep420.net -N

 

grep420@grep420.net's password:

 

(now this drops me back to a prompt on my box behind the firewall, so I now ssh out to the box on the public internet.)

 

[jsw34@paradox jsw34]$ ssh grep420.net -l grep420

grep420@grep420.net's password:

Last login: Thu Jan 1 23:35:13 2004 from xxxxx.client.comcast.net

 

(now that I am on the box the tunnel is setup to, I just ssh to the tunnel port on localhost.)

 

grep420@grep420.net [~]# ssh -l jsw34 -p 8888 localhost

"Any unauthorized attempts will be recorded!"

jsw34@localhost's password:

[jsw34@paradox jsw34]$

 

(Now I am back on the box behind the nazi firewall, and the firewall thinks the connection was initiated from behind it so it allows the traffic. Since the process has no shell and is running in the background it will keep the connection open until you reboot the box or your network goes down.)

 

- grep420




NAT and Linux - OVERKILL - 2004-01-05

That is truely beautiful.