Fedora Linux Support Community & Resources Center
  #1  
Old 7th June 2006, 04:43 AM
leaded Offline
Registered User
 
Join Date: May 2004
Posts: 373
SSH Tunnelling?

I'm not sure I need to know about SSH Tunneling, but let me explain my scenario:

Up until this month, if I wanted to work from home it was easy. I used the Cisco VPN client to connect to our network and I could do anything I needed, as if I were in the office. If a port like SSH was blocked on a certain production server, I could first SSH into my work desktop and then SSH into the production server. Basically, I always SSH'd into my desktop as soon as I connected to the VPN.

Well, June rolled around and the contractor changed. Those who stayed all work for a new company. We moved our stuff down the street and we're all on a new network. We're still connected to [big gov't agency]'s network, but now the firewall rules freaking suck. The VPN has always connected right into [big gov't agency]'s network, and the [big gov't agency] could access any computer in our office with no problems. Now, in the new world, the only ports they can access are ports 80 and 443, and that's only if they are on a certain subnet.

I'm kind of a rookie to networking, but I've been using Linux for a few years now. That's why I need some ideas here. I can deal with the security aspects later, but I'd like to know if this is possible:
1. Connect to the [big gov't agency] network using Cisco VPN.
2. SSH to a machine in the open subnet with port 80 or 443.
3. SSH into my desktop machine on another subnet.
4. Have access to any machine in my network as if I were at my desk.

Now, this still isn't ideal. If we want to access production servers in the main [big gov't agency] network, we have to VPN in, even if we're in the office. We're still having problems because some servers don't allow connections via the VPN (a problem someone's working on, since the only access to those boxes is LOCAL, stupid firewall rules). Also, I use VMware Server for development over ports 902 and 904, and that might not work. But if I wanted to SSH into my desktop from home, could it be done?

<gripe>This is one of the problems with government agencies. They're so concerned about impressing the CIO or whoever that they lock down everything so tight that nothing can be done. I mean, aren't the Cisco VPNs with the SecurID tokens supposed to be pretty good? This contract change is making it very difficult to do the things I used to be able to do. Like I said before, some production boxes aren't accessible anymore. I used to be able to, from my desk, SSH into them and make changes or whatever. Now, AT WORK, I can't access it at all. Ugh.</gripe>

Thanks in advance!
  #2  
Old 7th June 2006, 05:20 AM
tebbens Offline
Registered User
 
Join Date: Aug 2005
Posts: 290
Quote:
I'm kind of a rookie to networking, but I've been using Linux for a few years now. That's why I need some ideas here. I can deal with the security aspects later, but I'd like to know if this is possible:
1. Connect to the [big gov't agency] network using Cisco VPN.
2. SSH to a machine in the open subnet with port 80 or 443.
3. SSH into my desktop machine on another subnet.
4. Have access to any machine in my network as if I were at my desk.

You will not get access to anything unless you're allowed to VPN in.
Does your VPN client still connect?

If you can VPN in to the open subnet
and if the new firewall rules allow port 80 or 443 in AND out
and if you can set up an SSH server on that open subnet to use ports 80 or 443
and if that server can SSH to your desktop machine
then you will have no problem!


Quote:
Now, this still isn't ideal. If we want to access production servers in the main [big gov't agency] network, we have to VPN in, even if we're in the office. We're still having problems because some servers don't allow connections via the VPN (a problem someone's working on, since the only access to those boxes is LOCAL, stupid firewall rules). Also, I use VMware Server for development over ports 902 and 904, and that might not work. But if I wanted to SSH into my desktop from home, could it be done?

Unless you can VPN in, nothing else will work.

Having your desktop call out to you is a whole different story, and would probably get you fired.
  #3  
Old 7th June 2006, 12:09 PM
leaded Offline
Registered User
 
Join Date: May 2004
Posts: 373
I won't do anything stupid. I'm more just interested in the "can I" versus "I will". I'll talk to the security guys about what you just said and see what they think. Maybe it's one of those things like "policy says ports 80 and 443 are open; doesn't say what programs have to run on those ports." Thanks!
Reply With Quote
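
Added example, not part of the thread: the last post's point that a port policy does not say which program runs on the port, seen from the monitoring side. This Python code classifies the first client payload bytes of flows to ports 80 and 443 and reports any that are not the protocol the port is meant to carry; the flow tuples, the addresses and the `EXPECTED` policy table are constructed assumptions.

```python
import re

# Start of an HTTP/1.x request line: method, target, version.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT|TRACE|PATCH) \S+ HTTP/1\.[01]\r\n"
)

# Assumed policy (not from the thread): what each open port is meant to carry.
EXPECTED = {80: "http", 443: "tls"}


def classify_first_bytes(data: bytes) -> str:
    """Guess the application protocol from the first client bytes of a TCP stream."""
    # RFC 4253 section 4.2: each side opens with "SSH-<protoversion>-<software>".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # and at offset 5 the handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if HTTP_REQUEST.match(data):
        return "http"
    return "unknown"


def find_mismatches(flows):
    """Return (src, dst, port, seen) for flows whose payload does not fit the port."""
    hits = []
    for src, dst, port, payload in flows:
        expected = EXPECTED.get(port)
        seen = classify_first_bytes(payload)
        if expected is not None and seen != expected:
            hits.append((src, dst, port, seen))
    return hits


# Constructed sample: (source, destination, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("192.0.2.20", "198.51.100.10", 443,
     bytes.fromhex("16030100c8010000c40303") + b"\x00" * 32),
    ("192.0.2.21", "198.51.100.10", 80,
     b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    ("192.0.2.22", "198.51.100.30", 443, b"SSH-2.0-OpenSSH_4.3\r\n"),
    ("192.0.2.22", "198.51.100.30", 80, b"SSH-2.0-OpenSSH_4.3\r\n"),
    ("192.0.2.23", "198.51.100.10", 443, b"\x00\x01\x02\x03garbage"),
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_FLOWS):
        print("port/protocol mismatch:", hit)
```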