How do I connect two machines that are both behind separate firewalls

You got no control over the FW(s), you have no shot at it.

Duane :)

Duane Arnold

Here is my situation, I want to establish a connection between two machines via ssh, however both the target and destination machines are behind firewalls, neither of which I have any control over. I do however have complete control over both machines.

It is my understanding that if one side of the connection had a public address I would be able to initiate a connection from either the target or destination using some combination of ssh port forwarding and/or http tunnelling to get through the one firewall. However with firewalls on both sides neither side can initiate a connection since all incoming connections will be blocked.

I believe I need some sort of intermediary through which both machines can establish an outgoing connection and that will bridge the connection between both machines.

My first question is are there any free or relatively cheap services out there that will act as the intermediary? There seems to be tons of free dynamic DNS and web proxy services out there but I don't think these will be of any help to me.

Failing that, my other option is to use CGI scripts hosted somewhere on my own public website that will act as the intermediary. Are there any CGI scripts out there that do this or something similar to this already? If I was going to write something from scratch in Perl, is it simply a matter of waiting for both ends to connect and then just passing the packets between them, with maybe some specified time-out period with no activity? The Net::HTTPTunnel CPAN module looks promising.

Thanks,

-- Darrel Yurychuk

Darrel Yurychuk

use Hamachi,


User "Darrel Yurychuk" wrote in message news:zAE7f.309679$tl2.34937@pd7tw3no...

reat

The first security question would be: Why not ask the network administrator? There is basically no secure solution to what you want to do, except to have a forwarding rule set up to accept incoming connections from that one IP address.

If you go through a 3rd party intermediary, you are opening yourself up to piggyback attacks.

What is the purpose of establishing the connections? Maybe there is an easier way to achieve your goal than through an SSH connection.

Ryan P.

Why don't you have control over them? Are they not yours?

If they aren't, then screw you for trying to bypass security on someone else's network.

E.

E.

Initiate the TCP connection from both sides at the same time. More about this topic you'll find in RFC 793, 3.4 Establishing a connection.

If the firewalls are implementing NAT as an addition, then try to punch holes into it like e.g. Skype does.

If the firewalls are blocking outgoing SSH, too, then try to fake an SSL connection, e.g. with corkscrew.

If this will not work, you have to use tunneling.

Yours, VB.

Volker Birk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.