Henry Kupets wrote:
> Hello,
>
> I'd appreciate if somebody could suggest how to configure SSH to
> bypass firewall restrictions.
>
> I have a host (Oracle app.server) in DMZ that I need to access through
> HTTP on port 1810 from the Windows PC that resides inside the LAN. The
> firewall does not allow traffic through port 1810 but allows traffic
> through port 9000. (When I point the browser to http://appserver:1810 it
> returns "The page cannot be displayed").
> I was trying to set up port forwarding on the app.server using:
>
> 1) Changed sshd_config on the app.server (AllowTcpForwarding yes)
> 2) Ran on the app.server: ssh -g -L 9000:appserver:1810 appserver
>
> It's not working. I can see in the firewall log that it allows the
> first packet to go to the app.server on port 9000 and it drops the
> second packet that goes for some reason to the app.server on port 1810.

The HTTP protocol is not ssh port fwding friendly.

> Am I missing anything?
>
> Thanks,
> - - - - - - - - - -
> Henry
>

app.server being a Linux (?), I think it may be worth trying to use an
iptables rule instead of ssh fwding (but needs root privileges):

    # iptables -t nat -A PREROUTING -s your-work-station -d appserver -p tcp --dport 9000 -j REDIRECT --to-port 1810

Another idea: on appserver:

    # ssh -D 9000 -g appserver

then configure appserver:9000 as a socks proxy server in firefox on your
workstation.

Regards,
Pierre
