Re: [LUG] SSH tunnel port forwarding through ISA proxy?

 

Bill wrote:
Hi Grant,

I can see why you might be puzzled as to why smtp would be any different to the imap traffic, I know I am! Have you tried a telnet test to your port forward localhost 26? (telnet localhost 26)

You could also check the output from ssh -v -L .......
It might be having a problem putting the tunnel in place

Bill
Hi Bill,

The confusing part for me is why the forwarding of local:26 to remote:25 through my ssh tunnel doesn't seem to work when using PuTTY through an MS-ISA proxy even though the forwarding of local:143 to remote:143 does (through the same tunnel).  OK, forget the proxy - I just managed to recreate the problem without being at College.  I used the same PuTTY profile as I do when I'm at College, but removed the proxy information.  It brought up a command-line fine, imap works fine but smtp still doesn't.

Here's my "sudo nmap -v localhost"
Starting Nmap 4.53 ( http://insecure.org ) at 2008-11-23 09:20 GMT
Initiating SYN Stealth Scan at 09:20
Scanning localhost (127.0.0.1) [1714 ports]
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 26/tcp on 127.0.0.1
Discovered open port 445/tcp on 127.0.0.1
Discovered open port 139/tcp on 127.0.0.1
Discovered open port 143/tcp on 127.0.0.1
Discovered open port 5432/tcp on 127.0.0.1
Discovered open port 5900/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Completed SYN Stealth Scan at 09:20, 0.15s elapsed (1714 total ports)
Host localhost (127.0.0.1) appears to be up ... good.
Interesting ports on localhost (127.0.0.1):
Not shown: 1705 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
26/tcp   open  unknown
139/tcp  open  netbios-ssn
143/tcp  open  imap
445/tcp  open  microsoft-ds
631/tcp  open  ipp
5432/tcp open  postgres
5900/tcp open  vnc

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.265 seconds
           Raw packets sent: 1714 (75.416KB) | Rcvd: 3437 (144.372KB)

So nmap shows that local is accepting connections on :26, but it can't identify the service.  Incidentally, the output is identical, even when it does work.

"telnet localhost 25" gives this:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hplaptop ESMTP Exim 4.69 Sun, 23 Nov 2008 09:26:55 +0000

Whereas "telnet localhost 26" gives:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

When using the command-line version (and therefore 26 --> 25 port forwarding works), it gives this:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.thymox.co.uk ESMTP Exim 4.63 Sun, 23 Nov 2008 08:49:37 +0000

I've attached the saved Wireshark data from an unsuccessful connection to localhost:26, in case it is of any interest.

Cheers.
Grant.
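
The telnet comparison above, automated as an added example that is not part of the original post: it probes a forwarded port the way telnet does and checks that the SMTP greeting names the host the tunnel is meant to reach. The function names and result labels are hypothetical; the sample banners are constructed from the telnet output quoted in the post.

```python
import socket

def probe_banner(host, port, timeout=3.0):
    """Connect like `telnet host port`; return (state, first_bytes_as_text)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except OSError:
        return ("unreachable", "")
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ("silent", "")        # open, but the service waits for the client
        except ConnectionResetError:
            data = b""
    if not data:
        return ("closed-no-banner", "")  # accepted, then dropped before a greeting
    return ("banner", data.decode("ascii", "replace").strip())

def smtp_host(banner):
    """Hostname field of an SMTP '220 <host> ...' greeting, else None."""
    parts = banner.replace("220-", "220 ", 1).split()
    return parts[1] if len(parts) >= 2 and parts[0] == "220" else None

def diagnose(state, banner, expected_host):
    """Turn a probe result into a finding about the forwarded port."""
    if state == "refused":
        return "no listener: the forward was never set up"
    if state == "closed-no-banner":
        return "listener accepted, then closed: forward or far-end service dropped it"
    if state == "banner":
        host = smtp_host(banner)
        if host == expected_host:
            return "ok: greeting comes from " + host
        return "wrong endpoint: greeting from %s, expected %s" % (host, expected_host)
    return "inconclusive: " + state

if __name__ == "__main__":
    # Constructed from the telnet output quoted in the post; no network needed.
    want = "server.thymox.co.uk"
    cases = [("banner", "220 hplaptop ESMTP Exim 4.69"),
             ("closed-no-banner", ""),
             ("banner", "220 server.thymox.co.uk ESMTP Exim 4.63")]
    for state, banner in cases:
        print(diagnose(state, banner, want))
```

For a live check, pass the result of probe_banner("localhost", 26) to diagnose(); a greeting from the local MTA's hostname on the forwarded port means the connection never left the machine.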

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html