SSHing to my computer that's behind a campus firewall...

[hjlane3]

Ok here's a problem I have. I currently have my pc hooked up in my dorm room that is connected to the campus network. Now i'm frequently somehwere else on campus with my wireless laptop on the school netwok too, and want/need to grab some files off my pc (papers, research, etc.). Thing is, they seemed to be firewalled from each other. I can't log into my PC from my laptop that's on the wireless side. IS there a way I can log into my pc from the wireless connection, even though the pc is behind a firewall? In the goodling i have done it seems tunneling might be my answer, but i'm not quite sure what it is or how it would apply here. Can someone enlighten me on this subject, and explain it to me?
Thanks in advanced.

-HJ
_________________
I wish hell would freeze over already.
EDIT: w00t, it has!

[zeky]

You wan't get pass your firewall if ports for ssh are closed. What about using a VPN? Just a thought...
_________________
Beat your dick like it owes you money

[ramon]

[zeky]

[OdinsDream]

[ramon]

[OdinsDream]

Mostly my antectode was meant to point out that I did indeed have a service (http) running on two ports.

I also mentioned that I did the same thing for the sshd service, running it concurrently on 22 and 2222.

Of course, there's no need to run it on anything but 2222 (or whatever) if you're fine with that.
_________________
s/(?<!gnu\/)linux(?! kernel)/GNU\/Linux/gi

Don't blame me. I didn't vote for him.

http://john.simplykiwi.com

[andrew_j_w]

[ozonator]

[hjlane3]

How can I see what port are open? As far as I can tell, none of them are...
_________________
I wish hell would freeze over already.
EDIT: w00t, it has!

[BradN]

What kind of IP address do you get? i.e., is it a public IP address, or a private one (10.*.*.* or 192.168.*.* or a couple others) that is only accessible on the local network to begin with?

If it's a private one, you won't have any way to get incoming connections, and if you really need remote access, you'd have to rig it up to try to connect to something every so often and forward a shell connection or some such... You might look into using dyndns.org or a similar thing to set as the target (so you can change it remotely) for the outgoing connections. I don't really know the specifics of how you'd set it up, but it's an idea at least.

If you have a public IP address, you'd just have to think of what sort of ports they would allow to be open... perhaps stuff for some games or things like that? Is there some communication software that needs a port open locally? I don't know. There must be some stuff open, otherwise they wouldn't waste the expense of providing you with public IP addresses.

[hjlane3]

I do get a public IP ( 155.31.*.* )...
_________________
I wish hell would freeze over already.
EDIT: w00t, it has!

[ponds]

Just scan your IP block ( all IPs in XXX.XXX.XXX.* ), and see if you can find ports that consistantly have servers of different kinds running on them. That port will likely be open.


For me it was 113.

[ozonator]

Since your earlier post indicated you might be wondering, likely the best tool for portscanning is nmap. Another option is hping.

Depending on whether or not your network has a policy regarding whether or not portscanning is allowed, you may want to, uh, scan gently. For example, scan only a small range of ports and/or machines at a time, possibly in combination with an option like nmap's "-T Sneaky".

You could also just make a guess about which port(s) might be open (113, auth, isn't a bad guess; others might be easy to guess based on what servers might be allowed -- anyone running game servers open to the world? ask around). Then, run sshd on that port, and try connecting. If it doesn't work, however, trial and error likely will cease to be fun pretty quickly. Best of luck.

[ramon]

[sawanv]

If you wish to see the current stat of your firewall:

[scout]

At school I pass the firewall by using the socks5 server which is meant for ICQ: I use the tsocks package and told my "home" computer to forward port 5190 (ICQ) to 22 . That's not authorized but they didn't see it yet. you might also check httptunnel or corkscrew (not in portage) if you want to pass through a http proxy; but all this works only if these proxy let you access your dorm room computer.
_________________
http://petition.eurolinux.org/ - Petition against ePatents
L'essence de la finesse

[thepeel]

If both computers were on all the time, you could initiate a reverse ssh session from within the firewall. Then once outside you could ssh through the intiated tunnel and access everything behind the firewall. This could be done in a similiar manner like this:

ssh -R 22:localhost:<ip outside firewall>:22 -l <user>
enter in the password
Yay, you have a ssh tunnel ready to go. You might need to disable some timeout values in the /etc/sshd_config file. I don't know anything about that though.

Then from the computer on the outside ssh to localhost. This connection will then be tunneled through the existing ssh session and into the internal network.
_________________
A nation that limits freedom in the name of security will have neither. - Thomas Jefferson

[dma]

[professorn]

Ever considerd to talk to the admin(s)?

[garn]

at my school dorms have 172.16 ips, which are internal, and the wireless interent is another network of 172.16s. So I can't ssh from my top to my box in my room directly. What I did is I leave an ssh connection open to the ftp server here (which has an external ip) that forwards a port to my port 22.

ssh user@host -R2222:localhost:22

then i ssh user@host -p2222 from the laptop

However this requires having an ftp server or something with an external ip to use.