[Novalug] determining where a port is blocked

gregory pryzby greg@pryzby.org
Wed Nov 14 09:06:06 EST 2007


Thanks... I think so... I will go and read, look at the pix and give
it a try.

On Wed, Nov 14, 2007 at 08:56:14AM -0500, DonJr wrote:
> On Wed, 2007-11-14 at 07:29 -0500, gregory pryzby wrote:
> > What am I missing or not communicating?
> > 
> > From what I can tell, only port 22 is getting to imap.pryzby.org
> >
> > on laptop.pryzby.org (somewhere on the web)
> >    ssh -2 -L 143:imap.pryzby.org:22 (since only 22 is allowed in)
> >    MUA uses 127.0.0.1:143
> > on imap.pryzby.org
> >    have imapd listen on 22
> > 
> > And now NO ssh shell access, correct?
> 
> You would set the above combo up this way:
>   On imap.pryzby.org
>     sshd  is set up the default way, listening for connections on port 22
>     imap  the imap server is set up to listen on port 143
> 
>  So that user@imap.pryzby.org can do the following:
>     imap://user@127.0.0.1/mailbox[1]  # and the user can see their mail
>  
> and they can open an ssh shell locally if they wish with default syntax:
>      ssh user@127.0.0.1
> 
> NOW for the LAPTOP{.PRYZBY.ORG} user:
>   They would first open an ssh connection this way:
>     ssh -2 -N -L 143:127.0.0.1:143  imap.pryzby.org
>       { If they DON'T also want shell access. }
>    Or
>     ssh -2 -L 143:127.0.0.1:143  imap.pryzby.org
>      {if they WANT a shell.}     # the difference is the '-N' option
> 
> Either way on the LAPTOP once one or the other ssh connection was
> connected to talk to the IMAP server running on imap.pryzby.org you
> would simply access as if the imap server was {now} running on the
> localhost(laptop) (ie):
>    imap://greg@127.0.0.1/mailbox
> 
> Do note that by default on Linux based systems only root can open a
> listening port below 1024, and that is why it is common to use 1143 to
> forward imap service, so you would normally use the following combo:
> 
>  greg@laptop$  ssh -2 -L 1143:127.0.0.1:143  imap.pryzby.org
> 
> and to access the forwarded imap connection tell your mail client to use:
>    imap://greg@127.0.0.1:1143/mailbox
> 
> Does this explain the setup more clearly?
> 
> It's possible to carry multiple streams of data over one ssh
> connection.
> 
> For even more details {and also a few pretty pictures} see:
>   "SSH Port Forwarding"
> <http://www.onlamp.com/pub/a/onlamp/excerpt/ssh_11/index3.html>
> 
> Or Google on: ssh imap forwarding mutt
> and take your pick.
> 
> --  
> -- 
>  Don E. Groves, Jr. 
> 
> $ /usr/games/fortune : 
> ROMEO: Courage, man; the hurt cannot be much. 
> 
> MERCUTIO: No, 'tis not so deep as a well, nor so wide 
> as a church-door; but 'tis enough, 'twill serve. 
> 

-- 
greg pryzby                              greg at pryzby dot org
fingerprint: 8A1A DB90 869F 5DD1 D6E9 EEB6 C156 6B04 849F A86F
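
Added example, not part of the original thread: a small shell helper that spells out which end of the tunnel each part of an `-L` spec refers to, plus the server-side `authorized_keys` restriction that actually denies a shell (`-N` only stops the client from asking for one). The function names and key text are hypothetical placeholders; `restrict` assumes OpenSSH 7.2 or later on the server.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Explain an "ssh -L [bind:]lport:host:hport" spec (IPv4/hostnames only).
# lport is opened on the client; host:hport is dialled by the SSH *server*.
explain_forward() (
    spec=$1 bind=localhost          # ssh's default bind is loopback only
    set -f; IFS=:                   # split on ':' without globbing
    set -- $spec
    case $# in
        3) lport=$1 host=$2 hport=$3 ;;
        4) bind=$1 lport=$2 host=$3 hport=$4 ;;
        *) echo "bad spec: $spec" >&2; exit 2 ;;
    esac
    [ -n "$host" ] || { echo "empty host in: $spec" >&2; exit 2; }
    for p in "$lport" "$hport"; do
        case $p in ''|*[!0-9]*) echo "bad port in: $spec" >&2; exit 2 ;; esac
    done
    # Per the reply above: only root may listen below 1024 by default on Linux.
    if [ "$lport" -lt 1024 ]; then priv=yes; else priv=no; fi
    echo "listen=$bind:$lport needs_root=$priv server_connects_to=$host:$hport"
)

# Client command: no remote command (-N), and exit instead of staying
# connected if the local listener cannot be created.
tunnel_cmd() {
    echo "ssh -N -o ExitOnForwardFailure=yes -L $1 $2"
}

# Server side: authorized_keys line that lets this key open one forward only.
# $1 = host:port the key may reach, $2 = public key text (placeholder here).
forward_only_key() {
    printf 'restrict,port-forwarding,permitopen="%s" %s\n' "$1" "$2"
}

explain_forward 143:imap.pryzby.org:22     # the spec from the question
explain_forward 1143:127.0.0.1:143         # the spec from the reply
tunnel_cmd 1143:127.0.0.1:143 imap.pryzby.org
forward_only_key 127.0.0.1:143 'ssh-ed25519 AAAA...PLACEHOLDER greg@laptop'
```

For the spec from the question, the output shows the server dialling imap.pryzby.org:22, so the mail client ends up talking to whatever listens on port 22 there.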