Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora User (http://www.linux-archive.org/fedora-user/)
-   -   Remote access (http://www.linux-archive.org/fedora-user/587463-remote-access.html)

"KC8LDO" 10-14-2011 04:13 AM

Remote access
 
Is there a way to use ssh to get through a firewall for remote access to a
system? The situation I'm looking at is a Fedora system sitting behind a
company firewall, which I have no control over, that I wish to gain access
to by logging into it over the Internet from a remote computer. In other
words the connection is initiated from outside of the firewalled company
network.

What I'm thinking is using ssh to forward a port, 3389, to another computer
on my own private network (also behind a firewall and NAT router) at home
acting as a middle man. Then from another computer, lets say at a hotel,
logging in to the same computer on my private home network and have it pass
traffic bidirectionaly between the two end point computers.

Is this something than can be done using ssh and if so how? I would also
like to have the remote Fedora system connection to the middle man computer
remain even if the remote computer is not connected.

Regards,

Leland C. Scott
KC8LDO

"The most reliable components
are the ones you leave out."

Gordon Bell, father of the
minicomputer at DEC.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Scott Rouse 10-14-2011 04:32 AM

Remote access
 
On Oct 14, 2011 12:13 AM, "KC8LDO" <kc8ldo@arrl.net> wrote:

>

> Is there a way to use ssh to get through a firewall for remote access to a

> system? The situation I'm looking at is a Fedora system sitting behind a

> company firewall, which I have no control over, that I wish to gain access

> to by logging into it over the Internet from a remote computer. In other

> words the connection is initiated from outside of the firewalled company

> network.

>

> What I'm thinking is using ssh to forward a port, 3389, to another computer

> on my own private network (also behind a firewall and NAT router) at home

> acting as a middle man. Then from another computer, lets say at a hotel,

> logging in to the same computer on my private home network and have it pass

> traffic bidirectionaly between the two end point computers.

>

> Is this something than can be done using ssh and if so how? I would also

> like to have the remote Fedora system connection to the middle man computer

> remain even if the remote computer is not connected.

>

> Regards,

>

> Leland C. Scott

> KC8LDO

>

> "The most reliable components

> *are the ones you leave out."

>

> Gordon Bell, father of the

> minicomputer at DEC.

>

> --

> users mailing list

> users@lists.fedoraproject.org

> To unsubscribe or change subscription options:

> https://admin.fedoraproject.org/mailman/listinfo/users

> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


There are many companies that would frown upon doing what you are proposing.* I would suggest that you talk to your network/firewall admin and see if they will make an allowance for you.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Alain Spineux 10-14-2011 06:39 AM

Remote access
 
On Fri, Oct 14, 2011 at 6:13 AM, KC8LDO <kc8ldo@arrl.net> wrote:
> Is there a way to use ssh to get through a firewall for remote access to a
> system? The situation I'm looking at is a Fedora system sitting behind a
> company firewall, which I have no control over, that I wish to gain access
> to by logging into it over the Internet from a remote computer. In other
> words the connection is initiated from outside of the firewalled company
> network.
>
> What I'm thinking is using ssh to forward a port, 3389, to another computer
> on my own private network (also behind a firewall and NAT router) at home
> acting as a middle man. Then from another computer, lets say at a hotel,
> logging in to the same computer on my private home network and have it pass
> traffic bidirectionaly between the two end point computers.
>
> Is this something than can be done using ssh and if so how? I would also
> like to have the remote Fedora system connection to the middle man computer
> remain even if the remote computer is not connected.

tcpproxyreflector does exactly what you want. Install it on the 3
computers and run it :

- as a server at home, to get connection from the the client and console
- as the client at work, to open and keep the the connection open with home
- as a console on your laptop at the hotel to activate a tunnel and
connect through SSH or directly on port "3389" to another computer
inside the company.

http://blog.magiksys.net/software/tcp-proxy-reflector

Have fun

>
> Regards,
>
> Leland C. Scott
> KC8LDO
>
> "The most reliable components
> *are the ones you leave out."
>
> Gordon Bell, father of the
> minicomputer at DEC.
>
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>



--
Alain Spineux * * * * * * * * * | *aspineux gmail com
Monitor your iT & Backups | *http://www.magikmon.com
Free Backup front-end * * * | http://www.magikmon.com/mksbackup
Your email 100% available | *http://www.emailgency.com
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Marko Vojinovic 10-14-2011 11:05 AM

Remote access
 
On Friday 14 October 2011 05:13:53 KC8LDO wrote:
> Is there a way to use ssh to get through a firewall for remote access to a
> system? The situation I'm looking at is a Fedora system sitting behind a
> company firewall, which I have no control over, that I wish to gain access
> to by logging into it over the Internet from a remote computer. In other
> words the connection is initiated from outside of the firewalled company
> network.
>
> What I'm thinking is using ssh to forward a port, 3389, to another computer
> on my own private network (also behind a firewall and NAT router) at home
> acting as a middle man. Then from another computer, lets say at a hotel,
> logging in to the same computer on my private home network and have it pass
> traffic bidirectionaly between the two end point computers.
>
> Is this something than can be done using ssh and if so how? I would also
> like to have the remote Fedora system connection to the middle man computer
> remain even if the remote computer is not connected.

You want to look into OpenVPN. It does take some time to read the docs and set
it up, but it's worth it.

http://openvpn.net/index.php/open-source.html

Essentially, it adds a virtual ethernet device (called tap) to each machine,
and connects these into a virtual LAN. From that point on you can do whatever
you want, as if the machines were next to each other in the same room,
connected to an ethernet switch.

It may happen that the default openvpn port is blocked by the company firewall.
In that case just reconfigure your machines to use openvpn on some port that is
not blocked. Other than that, openvpn will work for you all over the globe,
and it is completely under your control.

Best, :-)
Marko

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Marko Vojinovic 10-14-2011 11:26 AM

Remote access
 
On Friday 14 October 2011 05:32:23 Scott Rouse wrote:
> On Oct 14, 2011 12:13 AM, "KC8LDO" <kc8ldo@arrl.net> wrote:
> > Is there a way to use ssh to get through a firewall for remote access to
> > a system? The situation I'm looking at is a Fedora system sitting behind
> > a company firewall, which I have no control over, that I wish to gain
> > access to by logging into it over the Internet from a remote computer.
> > In other words the connection is initiated from outside of the
> > firewalled company network.
>
> There are many companies that would frown upon doing what you are
> proposing. I would suggest that you talk to your network/firewall admin
> and see if they will make an allowance for you.

True, and that is usually the best option. The drawback being that you are
putting yourself at mercy of the firewall admin, who might be lazy,
incompetent, or ignorant (which is sometimes the case), or have a boss that is
one of those things (which is the case quite often).

However, every serious firewall admin should know that the firewall is a one-way
barrier, protecting local users from the outside attack, and having in
principle no way to protect the outside world from the local user. Or in the
words of the firewall-piercing HOWTO
( http://tldp.org/HOWTO/Firewall-Piercing ):

<quote>
A firewall cannot protect a network against its own internal users, and should
not even try to.
</quote>

So, if the OP asks his admin to allow him the access, and is refused, I think
it is perfectly legitimate to DIY and pierce a connection through.

Best, :-)
Marko





--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


All times are GMT. The time now is 09:51 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.