Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Port Forwarding - Firewall Traversal

from [Scott Baker] Network Security [Permanent Link]
Subject: Re: Port Forwarding - Firewall Traversal
Date: Wed, 07 Jun 2006 14:10:03 -0700 
I don't know about THIS situation as I don't know Oracle but port
forwarding HTTP (port 80 or even 443) is TOTALLY ssh port forwarding
friendly. The ONLY problems you might have are DNS, where the server
expects the request to say "www.foo.com" instead of "localhost" but
even that can be hacked with an edit in your hosts file.

I've port forwarded port 80 lots of times with SSH with no problems.

Scott

Pierre Neyron wrote:

It's not working.  I can see in the firewall log that it allows the
first packet to go to the app.server on port 9000 and it drops the
second packet that goes for some reason to the app.server on port 1810.
 

The HTTP protocol is not ssh port fwding friendly.


Am I missing anything?

Thanks,
- - - - - - - - - -
Henry
 


app.server being a linux (?), I think it may be worth trying to use an
iptables rule instead of ssh fwding (but needs root privileges):
# iptables -t nat -A PREROUTING -s your-work-station -d appserver -p tcp
--dport 9000 -j REDIRECT --to-port 1810

another idea:
on appserver:
# ssh -D 9000 -g appserver
then configure appserver:9000 as a socks proxy server in firefox on your
workstation.

Regards,
Pierre




-- 
Scott Baker - RHCE
Canby Telcom System Administrator
503.266.8253
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: how to automate public key authentication when server dual-boots two linuxes, Mailing List
Next by Date:  Re: Port Forwarding - Firewall Traversal, Pierre Neyron
Previous by Thread:  Re: Port Forwarding - Firewall Traversal, Pierre Neyron
Next by Thread:  Re: Port Forwarding - Firewall Traversal, Pierre Neyron
Indexes:  [Date] [Thread] [Top] [All Lists]