Need help forwarding ports (tunneling) from work to home ftp

dscro · 12-18-2007, 10:17 AM

I have a home sftp server. I want to access it from work. At work I am behind a firewall that blocks port 22 for ssh. However there is one server behind the firewall with me that can get out on port 22. And I can also get to that server via port 22 from my office computer.

My office machine runs win 2000. The intermediate server is free BSD. My home sftp server is really a mac running OS 10.3 configured for SSH.

Right now I can use Putty to get on the intermediate server at work. I have an actual account on that server. Once there I can ssh to my home sftp computer. But then transfering files from home to work or vice versa is a two step, command line only experience. SCP from home to intermediate server and then scp from there to my work desktop (or use filezilla of winscp at this point.

Shouldn't I be able to just use winscp and tunnel through the intermediate server to my home sftp? So far, every website about tunneling and port forwarding refers to tunneling from one port to another (ie to send http encrypted over ssh). I don't want this. I just want to send 22 local to 22 on the intermediate server to 22 at home.

I assume I'll need root or at least sudo priveleges on the free BSD machine to do this.

Any help would be great.
Thanks

petronius · 12-18-2007, 12:06 PM

The easiest way to go about this would be to get port 22 opened on the firewall if you can. Blocking secure, source traffic is pointless to me but I guess corporate policy makers have their reasons.

If you had the resources, you could setup a vpn connection to your home network. These ports would need to be open on the firewall:

IPSsec tunnels use port 500/udp, as well as port 50 for Encapsulation Header (ESP), and/or port 51 for Authentication Header (AH).

johnwill · 12-18-2007, 01:49 PM

OTOH, screwing around and trying to bypass corporate network restrictions may have you looking for a new job. Something to consider...

petronius · 12-18-2007, 02:07 PM

Quote:

Originally Posted by johnwill

OTOH, screwing around and trying to bypass corporate network restrictions may have you looking for a new job. Something to consider...

By "if you can" I mean by getting permission from the appropriate authority to open the port. I'm a strong advocate of policy-driven networks; whether I agree with the policy or not, I don't condone circumventing policy.

dscro · 12-18-2007, 04:20 PM

Well, OK
I've already asked. The system administrator knows that I can currently ssh on port 22 using Putty from my windows machine to the free BSD server which has outside access on port 22. So there's no secret. I have command line access to my home server already and that is just fine with them. They just don't want to make changes. If I can find a way to do it with the current configuration, no one will mind.

I can live with the command line access, it's just the fact that I have to scp every file twice that's annoying.

By the way, sorry for the double post.

12-18-2007, 10:17 AM	#1 (permalink)
dscro Registered User Join Date: Dec 2007 Posts: 3 OS: WinXP, Linux (Mandrake), Mac OS 10.4	Need help forwarding ports (tunneling) from work to home ftp I have a home sftp server. I want to access it from work. At work I am behind a firewall that blocks port 22 for ssh. However there is one server behind the firewall with me that can get out on port 22. And I can also get to that server via port 22 from my office computer. My office machine runs win 2000. The intermediate server is free BSD. My home sftp server is really a mac running OS 10.3 configured for SSH. Right now I can use Putty to get on the intermediate server at work. I have an actual account on that server. Once there I can ssh to my home sftp computer. But then transfering files from home to work or vice versa is a two step, command line only experience. SCP from home to intermediate server and then scp from there to my work desktop (or use filezilla of winscp at this point. Shouldn't I be able to just use winscp and tunnel through the intermediate server to my home sftp? So far, every website about tunneling and port forwarding refers to tunneling from one port to another (ie to send http encrypted over ssh). I don't want this. I just want to send 22 local to 22 on the intermediate server to 22 at home. I assume I'll need root or at least sudo priveleges on the free BSD machine to do this. Any help would be great. Thanks

12-18-2007, 12:06 PM	#2 (permalink)
petronius Registered User Join Date: Dec 2007 Location: NorCal Posts: 117 OS: XP SP2	Re: Need help forwarding ports (tunneling) from work to home ftp The easiest way to go about this would be to get port 22 opened on the firewall if you can. Blocking secure, source traffic is pointless to me but I guess corporate policy makers have their reasons. If you had the resources, you could setup a vpn connection to your home network. These ports would need to be open on the firewall: IPSsec tunnels use port 500/udp, as well as port 50 for Encapsulation Header (ESP), and/or port 51 for Authentication Header (AH). __________________ - petronius "Do you see what happens, Larry?"

12-18-2007, 01:49 PM	#3 (permalink)
johnwill Manager, Networking Forums Join Date: Sep 2002 Location: S.E. Pennsylvania, US Posts: 31,468 OS: XP-Pro, Vista, Linux Blog Entries: 1	Re: Need help forwarding ports (tunneling) from work to home ftp OTOH, screwing around and trying to bypass corporate network restrictions may have you looking for a new job. Something to consider... __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! Microsoft MVP - Windows Desktop Experience

12-18-2007, 04:20 PM	#5 (permalink)
dscro Registered User Join Date: Dec 2007 Posts: 3 OS: WinXP, Linux (Mandrake), Mac OS 10.4	Re: Need help forwarding ports (tunneling) from work to home ftp Well, OK I've already asked. The system administrator knows that I can currently ssh on port 22 using Putty from my windows machine to the free BSD server which has outside access on port 22. So there's no secret. I have command line access to my home server already and that is just fine with them. They just don't want to make changes. If I can find a way to do it with the current configuration, no one will mind. I can live with the command line access, it's just the fact that I have to scp every file twice that's annoying. By the way, sorry for the double post.