How To Use SSH Tunnelling To Allow Services To Pass Through A Firewall

[this post has been partially damaged during a server failure on 11 July 2004; with the exception of the images, it was recovered on 13 October 2018]

Paul has been stuck with a problem of late – he’s now living in university accommodation, and he’s found that he can’t connect through the university firewall to his external mail server. I advised him that it’s possible to set up an ‘SSH Tunnel’ (through central.aber.ac.uk) to fix this problem, but he hasn’t met with much success (see his blog entry for more details). In any case, here’s my investigation (and solution) to the problem.

In my example, I’m going to try the opposite to what Paul is trying to achieve. I’m going to try to allow my POP3 e-mail client to get access to the university e-mail server (pophost.aber.ac.uk). As things stand, this server is on the other side of the university firewall, and is inaccessible from outside. The server central.aber.ac.uk, however, is accessible from both sides of the firewall. So what I’ve got is this (yes, I know that this is a gross oversimplification):

As you can see, connecting from my home PC is futile:

C:\Documents and Settings\Dan>telnet pophost.aber.ac.uk 110
Connecting To pophost.aber.ac.uk...Could not open connection to the host, on port 110: Connect failed

But if I SSH-in to central.aber.ac.uk…

central:~ $ telnet pophost.aber.ac.uk 110
Trying 144.124.16.40...
Connected to pophost.aber.ac.uk.
Escape character is '^]'.
+OK mailsplit Oct 2000 ready

So, what I need to do is to tell my SSH client to connect to central.aber.ac.uk, and forward specific traffic through the firewall to the mail server. Here’s what I needed to know:

(a) A free TCP port number on my own computer from which I can virtually ‘pipe’ the connection. Most numbers over 1024 are fine. I chose ‘9110’.
(b) The name of the mail server – ‘pophost.aber.ac.uk’.
(c) The TCP port to which I wanted to connect – the standard port for a POP3 mail server is ‘110’.
(d) My user name on a server which: (1) I can connect to; (2) can connect to the server specified in (b). It happens to be ‘dlh9’.
(e) The name of the server specified in (d) (i.e. ‘central.aber.ac.uk’).
(f) My password on the server. Like I’m going to tell you that.

The syntax is:

ssh -L (a):(b):(c) (d)@(e)

I’m using the non-commercial version of SSH Secure Shell Client, so here’s what happens:

C:\Documents and Settings\Dan>"\Program Files\SSH Secure Shell\ssh2.exe" -L 9110:pophost.aber.ac.uk:110 dlh9@central.aber.ac.uk
dlh9's password:
Authentication successful.

At this point, I’m ready to go. Look what happens when I connect to port 9110 on my own computer, now…

C:\Documents and Settings\Dan>telnet localhost 9110
+OK mailsplit Oct 2000 ready

I could simply point my e-mail program at the ‘mail server’ at localhost:9110, and I’d be able to collect my university e-mail (so long as my SSH connection remained open).
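
What the -L option sets up, reduced to a plain TCP relay in Python (an added example, not part of the original post): a listener on the local machine passes every byte to the target host and port and back again. The encrypted, authenticated SSH leg via central.aber.ac.uk is left out, fake_pop3 is a constructed stand-in for pophost so the example runs offline, the ports are chosen by the OS rather than fixed at 9110, and all function names are made up for this example.

```python
import socket
import threading

def serve(port, handler):
    """Listen on loopback only (never 0.0.0.0); run handler(conn) per client."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", port))  # port 0 lets the OS pick a free port
    s.listen()
    def loop():
        while True:
            conn, _ = s.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return s.getsockname()[1]

def fake_pop3(conn):
    """Constructed stand-in for pophost:110; sends the banner seen in the post."""
    with conn:
        conn.sendall(b"+OK mailsplit Oct 2000 ready\r\n")
        conn.recv(1024)  # wait for the client to speak or hang up

def pump(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # the other side has already gone away

def start_forward(local_port, target):
    """Like ssh -L local_port:host:port without the SSH leg; returns the port."""
    def handle(client):
        upstream = socket.create_connection(target)
        threading.Thread(target=pump, args=(upstream, client), daemon=True).start()
        pump(client, upstream)
    return serve(local_port, handle)

def pop3_banner(host, port):
    """The 'telnet localhost 9110' check: return the server's greeting line."""
    with socket.create_connection((host, port), timeout=5) as s:
        return s.makefile("rb").readline().decode("ascii").rstrip("\r\n")

def demo():
    pop_port = serve(0, fake_pop3)                     # stands in for (b):(c)
    local = start_forward(0, ("127.0.0.1", pop_port))  # stands in for (a)
    return pop3_banner("127.0.0.1", local)
```

Calling demo() returns the greeting line fetched through the relay. Because the listener binds to 127.0.0.1, only programs on the same machine can use the forwarded port.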

Hopefully this guide will help some folks out there who are struggling with this kind of thing, and in particular, help Paul.

LORD II – Preston College Version

This document was shared on my college Intranet and via a hidden URL on my first website, on 11 December 1997. It was republished here on 22 March 2021. It provides instructions for players of the multiplayer DOOR game I adapted for local network play and the world I built within it for my friends to explore. The game world was an adaptation of our very own Preston College but transplanted to a fantasy realm.


LEGEND OF THE RED DRAGON II – Preston College Version

You have probably been given this sheet because you have requested a chance to take part in one of the most fast-moving and user-interactive multi user games on earth. I’ve spent a lot of time recently reprogramming Seth Able Robinson’s Bulletin Board System game, Legend Of The Red Dragon II (with his permission) to customise it and make it suitable for network play.

But – I’m sure this waffle is worthless to you; so here are the instructions you need:

To run the software:

Drop to an MS-DOS shell using the appropriate icon. Change to the ALEVEL.001 directory, if you’re not already there, by typing CD\ALEVEL.001. Type PC (abbreviation of Preston College) to start. You will be asked for your user name and password. These should be on a slip of paper attached to the foot of this sheet. Your password will be hidden from view for security.

Upon logging in for the first time you will see a menu from which you can choose to see the instructions, and other functions, or start the game. It is recommended that you read the instructions now, though do remember it is possible to get to them from the game by tapping ?.

Assuming you’ve discovered how to play, by one means or another, here is a list of some people and places in the game you might want to visit.

(Please note: The map of Preston College in the game is only representative, and not necessarily accurate. There is most definitely not a cult temple or a stone circle on campus…)

ENROLMENT

Until you have visited here you won’t have a membership card, which allows you access to much of the game. It’s one of the first places your character should visit.

STUDENT SERVICES

Right next door to enrolment, this cool office will buy junk that you don’t want any more from you.

THE BEASTMAN

Kevin Geldard, your computing teacher, lives in an office on the Ground Floor of the Main Building. Though he can be prone to rambling on and persistently saying “BEAST!” in the middle of otherwise sane-sounding sentences, he’s the key to a lot of the game world, and a valuable resource.

NETWORK SERVER

Found within the I.T. Block, this machine is the hub of all the computers in the college. With it it’s possible to really screw up somebody’s student record. However, it’s kept under lock and key.

VENDING MACHINES

Keep your eye out for these, as you can buy food and drinks from them. Different foodstuffs restore different quantities of Hit Points, so try them all (remember that some also have extra purposes beyond the obvious…)

MESSAGE BOARDS

Scattered around the college, these appear as a coloured section of wall. You can write messages on them to other players, to arrange trade, combat and other meetings.

SOUTHERN PATH AND SAVICK BROOK

This dirt path, found beyond the amphitheatre, is a dangerous land. Head to it to practice your combat skills, and earn a little money and experience while you’re at it. The brook is a barrier, protecting the campus from the Lands Of Chaos beyond. It is possible to cross the river at the bridge, but only the greatest warriors are allowed across.

TEMPLE OF NIG

The Disciples of Nig, a religious cult, have established themselves within the campus. Finding their temple will enable you to meditate there. Check the daily College Bulletin (by pressing D) to find out if the Disciples are celebrating a festival to determine if it is worth your while to go there.

STONE CIRCLE

It is believed that the black altar within this strange circle of standing stones is blessed with a power beyond that of this world.

REFECTORY

This safe haven is a land of protection from other players. Take refuge here to escape the blows of your enemies. Just remember that you need your Student ID Card to get in.

NESCAFE BAR

The place to hang out if you’re waiting for somebody. Right next to a message board, and with easy access to the main doors, you can settle down here if you don’t quite require the level of security the refectory provides.