[Novalug] determining where a port is blocked
gregory pryzby
greg@pryzby.org
Wed Nov 14 09:06:06 EST 2007
Thanks... I think so... I will go and read, look at the pix and give
it a try.
On Wed, Nov 14, 2007 at 08:56:14AM -0500, DonJr wrote:
> On Wed, 2007-11-14 at 07:29 -0500, gregory pryzby wrote:
> > What am I missing or not communicating?
> >
> > From what I can tell, only port 22 is getting to imap.pryzby.org
> >
> > on laptop.pryzby.org (somewhere on the web)
> > ssh -2 -L 143:imap.pryzby.org:22 (since only 22 is allowed in)
> > MUA uses 127.0.0.1:143
> > on imap.pryzby.org
> > have imapd listen on 22
> >
> > And now NO ssh shell access, correct?
>
> You would set the above combo up this way:
> On imap.pryzby.org
> sshd is set up the default way, listening for connections to port 22
> imap: the imap server is set up to listen on port 143
>
> So that user@imap.pryzby.org can do the following:
> imap://user@127.0.0.1/mailbox[1] # and the user can see their mail
>
> and they can open an ssh shell locally if they wish with default syntax:
> ssh user@127.0.0.1
>
> NOW for the LAPTOP{.PRYZBY.ORG} user:
> They would first open an ssh connection this way:
> ssh -2 -N -L 143:127.0.0.1:143 imap.pryzby.org
> { If they DON'T also want shell access, also. }
> Or
> ssh -2 -L 143:127.0.0.1:143 imap.pryzby.org
> {if they WANT a shell.} # the difference is the '-N' option
>
> Either way on the LAPTOP once one or the other ssh connection was
> connected to talk to the IMAP server running on imap.pryzby.org you
> would simply access as if the imap server was {now} running on the
> localhost(laptop) (ie):
> imap://greg@127.0.0.1/mailbox
>
> Do note that by default on Linux based systems only root can open a
> listening port below 1024 and that is why it is common to use 1143 to
> forward imap service, so you would normally use the following combo:
>
> greg@laptop$ ssh -2 -L 1143:127.0.0.1:143 imap.pryzby.org
>
> and to access the forwarded imap connection tell your mail client to use:
> imap://greg@127.0.0.1:1143/mailbox
>
> Does this explain the setup more clearly?
>
> It's possible to carry multiple{word} streams of data over one ssh
> connection.
>
> For even more details {and also a few pretty pictures} see:
> "SSH Port Forwarding"
> <http://www.onlamp.com/pub/a/onlamp/excerpt/ssh_11/index3.html>
>
> Or Google on: ssh imap forwarding mutt
> and take your pick.
>
> --
> --
> Don E. Groves, Jr.
>
> $ /usr/games/fortune :
> ROMEO: Courage, man; the hurt cannot be much.
>
> MERCUTIO: No, 'tis not so deep as a well, nor so wide
> as a church-door; but 'tis enough, 'twill serve.
>
--
greg pryzby greg at pryzby dot org
fingerprint: 8A1A DB90 869F 5DD1 D6E9 EEB6 C156 6B04 849F A86F
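An added example, not part of the original thread: a small Python check for whether the forward set up with `ssh -2 -L 1143:127.0.0.1:143 imap.pryzby.org` is actually carrying IMAP, separating "nothing is listening locally" from "the tunnel accepts the connection but the far end does not answer as IMAP". The function name and state labels are this example's own; the greeting prefixes are the ones an IMAP server sends on connect.

```python
import socket
import sys


def check_imap_forward(host="127.0.0.1", port=1143, timeout=5.0):
    """Classify the state of a forwarded IMAP port.

    Returns one of:
      "ok"          - connected and received an IMAP greeting
      "refused"     - nothing is listening (ssh not running, or -L failed to bind)
      "timeout"     - connect attempt got no answer (packets dropped on the way)
      "no-greeting" - connected, but the far side closed or is not speaking IMAP
      "unreachable" - any other socket-level failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # An IMAP server speaks first, so just wait for its banner.
                banner = s.recv(512)
            except (socket.timeout, ConnectionResetError):
                # ssh accepted locally but could not open the remote channel,
                # or the remote service never sent anything.
                return "no-greeting"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
    # Untagged OK or PREAUTH is a usable IMAP greeting; anything else
    # (empty read, "* BYE", an SSH banner) means the forward points
    # at the wrong place or the server turned the connection away.
    if banner.startswith((b"* OK", b"* PREAUTH")):
        return "ok"
    return "no-greeting"


if __name__ == "__main__":
    # Optional argument: local port of the forward (default 1143).
    local_port = int(sys.argv[1]) if len(sys.argv) > 1 else 1143
    state = check_imap_forward(port=local_port)
    print(f"127.0.0.1:{local_port} -> {state}")
    sys.exit(0 if state == "ok" else 1)
```

A result of "no-greeting" with the second argument of `-L` pointing at port 22 is what the mis-aimed forward from the original question would produce, since the far end answers with an SSH banner rather than an IMAP greeting.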