corporate firewall from an end user prospective

Key Phrases: ssh connection through firewall

corporate firewall from an end user prospective

I want to use SSH from work to my site. The issue is that at work the firewall blocks the outbound ssh port connections.

Newsgroups: gmane.linux.debian.user
Date: Fri, 9 Sep 2011
> The place that I work blocks standard outbound ssh (and ftp) port
> connections.

In an environment blocking most ports the https port 443 is almost always still allowed through. It is needed for so many things on the web that most sites can’t afford to block it. Because of this if you have your own server that isn’t running https then you can set up your own ssh daemon to listen on port 443. Then you can use port 443 to get out to your host. And from there you would have your own access. Many of us use that workaround.

Bob Proulx @proulx.com


corporate firewall from an end user prospective

> The place that I work blocks standard outbound ssh (and ftp) port
> connections. I'm wondering, for a "standard" corporate firewall practice,
> do they selectively block outbound ports, or do they selectively open
> them.

The “best practice” is deny all ports and open only needed outgoing ports. For a standard company only 80, 8080 for http and 443 for https should be opened.

> From an end user prospective, is there any way I can know which outbound
> port is not blocked that I can make use of?

if you wanna know which outgoing ports are open you will need a machine outside with some ports opened and make some try and error.

Quick & Dirty:

external.machine: nc -l 3000
internal.machine: nc external.machine 3000

And see if the socket is opened

Anyway if you wanna have ssh and ftp connection you can try to tunnelling ssh over https and ftp over https. There are some good howtos on this subject on the internet. I personally wrote one, written in “correct” Spanish:

<mode spam=on> http://www.elsotanillo.net/2006/08/howto-como-saltarse-un-proxy-para-establecer-conexiones-tunelizadas-a-traves-de-el-2/ </mode spam=on> :-)

Juan Sierra Pons @elsotanillo.net

documented on: 2011-09-10

% corporate firewall from an end user prospective

%% corporate firewall from an end user prospective

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s