Hi Grant,
I can see why you might be puzzled as to why smtp would be any
different to the imap traffic, I know I am! Have you tried a telnet
test to your port forward localhost 26? (telnet localhost 26)
You could also check the output from ssh -v -L .......
It might be having a problem putting the tunnel in place
Bill
Grant Sewell wrote:
Hi all,
I have an awkward problem, but before I explain the problem I'll
explain how things should (and for the most part, do) work.
My server at home accepts incoming connections on :80 for http, :22 for
ssh, :143 for imap and :25 for smtp (there are some others, but these
are the ports of interest). It is kept behind a router performing NAT
and firewalling. The router forwards incoming connections on :80
--> server:80; :443 --> server:22[1]. I have Thunderbird on my
laptop with 2 profiles - home & away. When I'm at home,
Thunderbird talks directly to my server on :143 and :25. When I'm
away, I use port forwarding through an ssh tunnel. Here's the command:
gksudo -u root "ssh -L localhost:143:10.0.0.4:143 -L
localhost:26:10.0.0.4:25 -l gsewell -N -p 443 thymox.dyndns.org"
So, it is forwarding local:143 through the ssh tunnel and directing it
at 10.0.0.4:143 (and local:26 to 10.0.0.4:25[2]). My Thunderbird's
"away" profile respects this and uses local:143 and local:26 for imap
and smtp respectively. This works a treat in all bar one setting -
indeed, I am using it now to send this message to the list.
Now for the awkward bit - the "one setting" where it doesn't work.
Cornwall College. They have a "guests" WiFi (although you must still
have an account with the College to get through their proxies) which I
tend to use when I'm there (it saves having to try and find a spare
RJ45 socket). Once you've connected with the AP, you must configure
your proxy settings. Now, I don't bother doing this system-wide. When
I'm at College, I run Firefox with a "College" profile that uses their
proxy, and I run putty as root and that authenticates against the proxy
- everything else is left well alone. This works and I can get a
command-line fine. I have the ports forwarded as per the attached
screenshot (or at
http://thymox.dyndns.org/~gsewell/Screenshot-PuTTY%20Configuration.png).
Port local:143 --> fileserver:143 works a treat and I get my emails
via imap nicely... but local:26 doesn't work.
And this is where I get confused. As far as I can see there should be
no reason why this fails. Clearly using the same settings from a
command-line when not at College works fine. Clearly the College don't
have any problems with the traffic going from my laptop to :443 of my
host. The College shouldn't even see my local:143 and local:26
connections as it doesn't involve anything other than the locally
installed TCP/IP stack, and once that's been involved, it just gets
sent via :443 like my command line does (which works fine).
It's thoroughly stumping me.
Next time I'm in College (should be Wednesday) I'll have another go and
include some Wireshark data. In the meantime... anyone got any
thoughts?
--Grant
[1] I accept incoming :443 and forward to the server's :22 because the
College, in its infinite wisdom, only allow :80 and :443 outbound
traffic. You *can* use other ports, so long as the data accepts being
re-encapsulated into http and sent using one of those two ports. It
was easier to simply accept incoming on 443. :D
[2] When I first set this up I found that my laptop's own Exim was
listening on :25 which meant I would use another port. It matters not
though.
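
The `telnet localhost 26` test suggested at the top of this thread, scripted for both forwards (an added example, not part of the original messages): it separates "no local listener, so the tunnel is not in place" from "accepted locally but closed, so the far-side connect failed" from "a greeting arrived". The names `probe`, `classify` and `FORWARDS` are this example's own, and it assumes the servers send the usual `* OK` (IMAP) and `220` (SMTP) greetings.

```python
import socket

# Greeting each service sends first; ports follow the thread's forwards
# (local 143 -> IMAP, local 26 -> SMTP). Greeting prefixes are assumptions.
FORWARDS = [("imap", 143, b"* OK"), ("smtp", 26, b"220")]


def classify(data, expected):
    """Interpret the first bytes read from a forwarded port."""
    if not data:
        # The local listener accepted, then the connection was closed:
        # the tunnel endpoint exists but the far-side connect failed.
        return "closed", "accepted locally, then closed without a greeting"
    line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return ("ok" if data.startswith(expected) else "unexpected"), line


def probe(port, expected, host="localhost", timeout=5.0):
    """Connect like `telnet localhost <port>` and report what answers."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "no-listener", "nothing is bound locally; the forward is not in place"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            return classify(sock.recv(512), expected)
        except socket.timeout:
            return "silent", "connected, but no greeting within %.0fs" % timeout
        except OSError as exc:
            return "closed", str(exc)


if __name__ == "__main__":
    for name, port, expected in FORWARDS:
        state, detail = probe(port, expected)
        print("%-4s localhost:%-3d %-11s %s" % (name, port, state, detail))
```

An `ok` line also shows the greeting text, so a banner from the laptop's own mail daemon rather than the home server is visible at a glance.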