Henry Kupets wrote:
> Hello,
>
> I'd appreciate it if somebody could suggest how to configure SSH to
> bypass firewall restrictions.
>
> I have a host (Oracle app.server) in DMZ that I need to access through
> HTTP on port 1810 from the Windows PC that resides inside the LAN. The
> firewall does not allow traffic through port 1810 but allows traffic
> through port 9000. (When I point the browser to http://appserver:1810 it
> returns "The page cannot be displayed").
> I was trying to set up port forwarding on the app.server using:
>
> 1) Changed sshd_config on the app.server (AllowTcpForwarding yes)
> 2) Ran on the app.server: ssh -g -L 9000:appserver:1810 appserver
>
> It's not working. I can see in the firewall log that it allows the
> first packet to go to the app.server on port 9000 and it drops the
> second packet that goes for some reason to the app.server on port 1810.
>

The HTTP protocol is not ssh port fwding friendly.

> Am I missing anything?
>
> Thanks,
> - - - - - - - - - -
> Henry
>


app.server being a Linux (?), I think it may be worth trying to use an
iptables rule instead of ssh fwding (but needs root privileges):
# iptables -t nat -A PREROUTING -s your-work-station -d appserver -p tcp --dport 9000 -j REDIRECT --to-port 1810

Another idea:
on appserver:
# ssh -D 9000 -g appserver
then configure appserver:9000 as a socks proxy server in firefox on your
workstation.

Regards,
Pierre
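
One common reason a plain port forward breaks for HTTP, assumed here and not confirmed anywhere in the thread, is that the server answers with redirects or absolute URLs naming its real port, so the browser's next request goes to 1810 and is dropped. The following is an added example, not code from the original posts; the sample response and the function name are constructed for illustration, and it flags such URLs in a captured response:

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a response an app server listening on 1810 might send
# back through the forward when it builds absolute URLs from its own port.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://appserver:1810/portal/login\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<a href="http://appserver:1810/portal/login">moved</a>'
    b'<img src="/images/logo.gif">'
)

URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.I)
REDIRECT_HEADERS = (b"location", b"content-location", b"refresh")


def urls_escaping_forward(raw, host, forwarded_port):
    """Return (where, url) pairs that send the client to host on another port."""
    head, _, body = raw.partition(b"\r\n\r\n")
    found = []
    # Skip the status line, then look at headers that can steer the browser.
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() in REDIRECT_HEADERS:
            label = "header " + name.decode("latin-1").strip()
            found += [(label, u) for u in URL_RE.findall(value)]
    # Absolute links in the body have the same effect on the next click.
    found += [("body", u) for u in URL_RE.findall(body)]
    leaks = []
    for where, url in found:
        parts = urlsplit(url.decode("latin-1"))
        port = parts.port or (443 if parts.scheme == "https" else 80)
        if parts.hostname == host and port != forwarded_port:
            leaks.append((where, parts.geturl()))
    return leaks


if __name__ == "__main__":
    for where, url in urls_escaping_forward(SAMPLE_RESPONSE, "appserver", 9000):
        print(f"{where}: {url}")
```

Relative links such as `/images/logo.gif` stay on the forwarded port and are not reported.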