SSH and forwarding

Discussion in 'Mac OS X Server, Xserve, and Networking' started by jaqkar, Aug 30, 2011.

  1. jaqkar macrumors newbie

    Aug 30, 2011

    I am at location a and cannot ssh from here because of firewall restrictions. I can, however, ftp, and I set up a machine outside this network, at location b, to forward port 21 to 22. I can ssh into this machine no problem. The thing is, when I am on this machine in location b it does not want to ping, ssh or anything into anything else or any other machine. When I am sitting in front of the machine it works fine, but somehow ssh is not allowing any traffic to go out. I can ping the router the machine at location b is connected to but not anything outside like etc.

    Any suggestions guys?
  2. aarond12 macrumors 65816


    May 20, 2002
    Dallas, TX USA
    I'm sorry, but your description of the problem is difficult to follow.

    If SSH and FTP are being blocked by firewalls, use port mapping to get around it. For example, if SSH (port 22) is being blocked, use port 2222 instead. Then use port mapping on your router to convert 2222 back to 22.

    It might work better if you break up all the problems you're having into separate questions.
  3. Mattie Num Nums macrumors 68030

    Mar 5, 2009
    Are you trying to remote in with SSH? If so, that's not a good idea at all; that is what VPN is for. If this is internal, someone should talk to your network admins, because port 22 is a very widely used port for things like SFTP and forensics.
  4. jtara macrumors 68000

    Mar 23, 2009
    SSH and VPN are both "for" "remoting in". They are just two different ways of doing essentially the same thing.

    Sounds like the OP discovered that his outbound firewall blocks port 22, but not port 21. So he set up ssh tunneling on port 22 of his host to (SSH) tunnel to port 21 on the same box. Or something like that. As others have said, the description is hard to follow. My best guess as to what he has done.

    Rather naive firewall installation, don't you think? It doesn't care what protocol is being used, just what ports are open. This is essentially no firewall. But pretty much any outbound firewall is essentially no firewall, given the nearly universal need for unfettered access to HTTP on port 80. Anything can be transported over HTTP, one way or another...

    Rather than doing an SSH tunnel just do port-forwarding on the host's router. And pick some port other than 21, sheesh!

    SSH tunneling (can) forward ALL traffic from a host through a gateway at the other end of the tunnel. Apparently, this is what he has done. Or something. This would explain why system B can't get to the outside world while the tunnel is connected. He's default-routing to the tunnel. From the wrong end.

    Or something like that.
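
An added example, not part of any post in this thread: the point above that a port-only firewall "doesn't care what protocol is being used" can be checked from the defender's side by comparing the first bytes a server sends with what the destination port should carry. The flow records, addresses and function names are constructed for illustration, and only ports 21 and 22 are modelled.

```python
import re

# Assumption: only the two ports discussed in the thread are modelled.
EXPECTED = {21: "ftp", 22: "ssh"}

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion", e.g. SSH-2.0-OpenSSH_5.6
SSH_ID = re.compile(rb"SSH-\d+\.\d+-[\x21-\x2c\x2e-\x7e]+")
# RFC 959: every FTP reply starts with a three-digit code followed by space or '-'
FTP_REPLY = re.compile(rb"[1-5]\d\d[ -]")


def classify_banner(first_bytes: bytes) -> str:
    """Guess the protocol from the first bytes the server sent."""
    lines = first_bytes.split(b"\n")
    # An SSH server may send other text lines before its identification string.
    if any(SSH_ID.match(line) for line in lines):
        return "ssh"
    if FTP_REPLY.match(lines[0]):
        return "ftp"
    return "unknown"


def find_mismatches(flows):
    """Return flows whose observed protocol differs from the port's expected one."""
    hits = []
    for client, server, port, first_bytes in flows:
        expected = EXPECTED.get(port)
        seen = classify_banner(first_bytes)
        if expected is not None and seen != expected:
            hits.append((client, server, port, expected, seen))
    return hits


# Constructed sample data: (client, server, server port, first bytes from server)
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 21, b"220 FTP server ready.\r\n"),
    ("10.0.0.7", "192.0.2.20", 21, b"SSH-2.0-OpenSSH_5.6\r\n"),
    ("10.0.0.9", "192.0.2.30", 22, b"SSH-2.0-OpenSSH_5.6\r\n"),
    ("10.0.0.11", "192.0.2.40", 21, b"\x16\x03\x01\x00\x05"),
]

if __name__ == "__main__":
    for client, server, port, expected, seen in find_mismatches(SAMPLE_FLOWS):
        print(f"{client} -> {server}:{port} expected {expected}, saw {seen}")
```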
