[Gllug] ssh to server inside firewall

steve.nicholson at yoursolutions.com
Mon Nov 19 19:15:56 UTC 2001


I'm trying to ssh into my server at home, which is behind a firewall (smoothwall), and get "connection refused". I have port forwarding set up to forward port 22 to the internal server IP and port 22. It appears sshd on the server is allocating other ports to move to, e.g. 625, but since these are not open on the firewall the client doesn't connect. Everything I've found/read so far on ssh describes how the encryption/authentication works on connect but not on port allocation. I assume the client connects on port 22 and the server responds "carry on with connection at this port x". Is there a way to get ssh to allocate a specific port so I can open it up, or am I completely missing something here?

Client is OpenSSH-1.2.3, server is OpenSSH-2.5.2 (yes, I know I need to upgrade the client, it's on the list). Running the client with -v, this is what I get.

debug: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug: Allocated local port 623.
debug: connect: Connection refused
debug: Trying again...
debug: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug: Allocated local port 952.
debug: connect: Connection refused
debug: Trying again...

sshd isn't running on the firewall (it's on 222 when it is running). I can ssh to the firewall with sshd running, then from there to the server, but I need to go direct since I have a guy that is using WinSCP that I want to put files on the server.

I read somewhere that I could use ssh on the firewall to forward to the server, but this was for a database client; it seems a bit unusual to have to tunnel ssh through ssh? I'm also assuming I only need to forward TCP, not UDP (although I did enable it to try; I only have TCP forward for port 22 enabled at the moment).

Pointers in the right direction of documentation would be great.

Thanks
Steve.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
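
Added example, not part of the original post: a loopback demonstration of which end each port number in debug output like the above belongs to, and of how a refused connect differs from one that gets no answer. The "Allocated local port" value is the client's own source port; the destination stays the port named on the "Connecting to" line. The function names are hypothetical, and a listener on an ephemeral loopback port stands in for sshd on port 22.

```python
import socket

def observe_ports():
    """Connect to a loopback listener and report the ports each side sees."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # stand-in for sshd listening on 22
    listener.listen(1)
    server_port = listener.getsockname()[1]

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.bind(("127.0.0.1", 0))        # the client's "allocated local port"
    local_port = client.getsockname()[1]
    client.connect(("127.0.0.1", server_port))

    conn, peer = listener.accept()
    result = {
        "client_local_port": local_port,
        "client_sees_remote_port": client.getpeername()[1],
        "server_listen_port": server_port,
        # accept() returns a new socket, but it keeps the listening port
        "server_port_after_accept": conn.getsockname()[1],
        "server_sees_client_port": peer[1],
    }
    for s in (conn, client, listener):
        s.close()
    return result

def connect_result(host, port, timeout=3.0):
    """Classify a TCP connect attempt as 'open', 'refused' or 'no-answer'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:       # an active rejection came back
        return "refused"
    except OSError:                      # timeout, unreachable, filtered
        return "no-answer"
    finally:
        s.close()

if __name__ == "__main__":
    for name, value in observe_ports().items():
        print(f"{name}: {value}")
```

Running `connect_result` against the firewall's external address from outside, and against the server's internal address from inside, shows which hop is refusing the connection.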