On Monday 18 February 2008, Etaoin Shrdlu wrote: > On Monday 18 February 2008, Mick wrote: > > Hi All, > > > > I think that I have confused myself with this. I am behind a > > firewall/http proxy which seems to only allow outbound connections on > > ports 80 & 443 for web browsing. This is not enough for me, as I > > would like to use my mail client to send and receive mail from behind > > the firewall. > > > > I tried connecting to ssh servers which listen on different ports, > > besides tcp/22 and I was not successful. This is probably an > > indication that the internet gateway machine only accepts connections > > for packets that have a destination to ports 80 & 443. > > > > If the above is correct, am I right to assume that to be able to run a > > tunnel through this internet gateway I should run something like: > > > > ssh -L 2222:localhost:443 [EMAIL PROTECTED] > > This command still tries to contact the remote host on port 22, and is > blocked by the firewall.
Oops! Yes, the primary ssh connection will take place to port 22 on the server, unless this is specified separately as you show below. > IIUC to exit the local firewall you should have the remote sshd listening > on port 443 or 80. > > ssh -p 443 [EMAIL PROTECTED] > > Of course, the remote /etc/ssh/sshd_config must have "Port 443" (or 80). > If this works and you are able to actually connect to the remote ssh, you > can add local or remote port forwarding to this basic command. > > So, as an example for email, you can do something: > > ssh -p 443 -L 2222:smtpserver:25 [EMAIL PROTECTED] > > and configure your mail client to send to localhost, port 2222. > Another alternative (depending upon how many ports you need to forward) > could be to use SOCKS. With option -D on the server. Hmm, need to explain that the ssh server is NOT the mail server (and last time I looked gmail did not accept ssh connections to their mail servers!), but a router I run at home. The idea is that I will set up corresponding forwarding rules on the router. Is that sound? PS. Unless I missed it Kmail does not have settings for SOCKS. Thank you for your help. :) -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.