Port forwarding with Putty - I'm stuck - SSH

This is a discussion on Port forwarding with Putty - I'm stuck - SSH ; My broadband service, provided by my ISP (Onetel in the UK), provides me a fixed IP address and gives me access to mail and newsgroups via the POP, SMTP and NNTP servers at my ISP. However, I can only use ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Port forwarding with Putty - I'm stuck

  1. Port forwarding with Putty - I'm stuck

    My broadband service, provided by my ISP (Onetel in the UK), provides me
    a fixed IP address and gives me access to mail and newsgroups via the
    POP, SMTP and NNTP servers at my ISP.

    However, I can only use these from the fixed IP address, so I'm unable
    to read mail at a WiFi hotspot for example, which I find most
    inconvenient. I was hoping to get to my ISPs mail servers via a UNIX
    workstation at home, so I appear to be at an IP address they accept.

    I'm not exactly sure what I should be doing here, but this is what I
    have done, and the results to date

    I've enabled port forwarding in the sshd config file of the UNIX box.


    If I log into the unix workstation (which is NAT'ed, but with a local IP
    of 192.168.0.10) and run this command:

    ssh -g -L 30119:news.onetel.net.uk:119 -L 30025:smtp.onetel.net:25 -L
    30110op.
    onetel.net:110 -L 30080:192.168.0.1:80 192.168.0.10

    it means the ISPs servers appear at ports 30119 (news), 30025 (smtp) and
    30110 (pop). So for example, if I telnet to port 30110, I see this:


    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    +OK Hello there.

    Is this what I should be doing?

    Now I think I need to tunnel those ports via ssh so I can get at them on
    my laptop.

    In putty, I have set up port forwarding, and have used

    Source port 30110
    Destination 192.168.0.10:30110

    then if I ssh to my UNIX box whilst on my home network, and set the mail
    server in Thunderbird on my laptop to be localhost on port 30110, I am
    able to send mail OK. But when I am at a remote location, this does not
    work, despite me changing the 192.168.0.10 to the public IP address.

    Should I set up forwarding both on the UNIX box (running that command
    above) and in putty on the laptop, or should Putty be able to do it all?









  2. Re: Port forwarding with Putty - I'm stuck

    On 2007-06-28, Dave wrote:

    > then if I ssh to my UNIX box whilst on my home network, and set the mail
    > server in Thunderbird on my laptop to be localhost on port 30110, I am
    > able to send mail OK. But when I am at a remote location, this does not
    > work, despite me changing the 192.168.0.10 to the public IP address.


    I notice "port 30110, I am able to send mail OK" but is POP3 involved
    in your *sending* of mail?

    Does the NAT allow your SSH traffic inbound from your remote location
    to he unix box?

    I expect you can improve on the description "does not work" by stating what
    does happen.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  3. Re: Port forwarding with Putty - I'm stuck

    all mail refused wrote:
    > On 2007-06-28, Dave wrote:
    >
    >> then if I ssh to my UNIX box whilst on my home network, and set the mail
    >> server in Thunderbird on my laptop to be localhost on port 30110, I am
    >> able to send mail OK. But when I am at a remote location, this does not
    >> work, despite me changing the 192.168.0.10 to the public IP address.

    >
    > I notice "port 30110, I am able to send mail OK" but is POP3 involved
    > in your *sending* of mail?


    I basically chose ports for services which were 30000 above normal
    values - hence pop3 is used at port

    > Does the NAT allow your SSH traffic inbound from your remote location
    > to he unix box?


    Yes, I can ssh to the box from a remote location. i.e. the router routes
    port 22 to the IP address of my Sun workstation (192.168.0.10). Not I
    have not routed any other ports to the Sun - only 22.
    >
    > I expect you can improve on the description "does not work" by stating what
    > does happen.
    >



    The mail or newsgroup clients appear try to connect to the server and do
    not give a connection refused message. This makes me think they are
    connecting to a server of some sort, since if I try another port, where
    I have made no attempt to forward ports, the mail client will report the
    connection is refused.

    I can't exactly recall what the settings were, but I did try to ssh to
    port 30110 of the laptop using an ssh client on the laptop, and I can
    log into the Sun workstation via that. (This is not what I want of
    course). This is suggesting that the mail client is probably connecting
    to an ssh server and since they are not designed for that protocol it
    can't do anything useful.

    I really don't know what should be entered into Putty - 3 semi-sensible
    possibilities include:

    1) Public IP of my Sun
    2) NAT'ed IP of my Sun
    3) Public IP of my ISP's mail server.


  4. Re: Port forwarding with Putty - I'm stuck

    In article <46830881@212.67.96.135> Dave writes:
    >
    >If I log into the unix workstation (which is NAT'ed, but with a local IP
    >of 192.168.0.10) and run this command:
    >
    >ssh -g -L 30119:news.onetel.net.uk:119 -L 30025:smtp.onetel.net:25 -L
    >30110op.
    >onetel.net:110 -L 30080:192.168.0.1:80 192.168.0.10
    >
    >it means the ISPs servers appear at ports 30119 (news), 30025 (smtp) and
    >30110 (pop). So for example, if I telnet to port 30110, I see this:


    Those forwardings are pointless, and trying to use them seems to be the
    cause of your problem.

    >In putty, I have set up port forwarding, and have used
    >
    >Source port 30110
    >Destination 192.168.0.10:30110
    >
    >then if I ssh to my UNIX box whilst on my home network, and set the mail
    >server in Thunderbird on my laptop to be localhost on port 30110, I am
    >able to send mail OK. But when I am at a remote location, this does not
    >work, despite me changing the 192.168.0.10 to the public IP address.


    It should work if you *don't* use the public IP address. The
    "destination" part is interpreted and "carried out" on the sshd host,
    i.e. your Unix box, and in many/most NAT setups it's not possible to
    connect to the "public" IP address from within the NATed network.

    I.e. you could use the private IP address, or slightly better, use
    "localhost" and get rid of the -g on the ssh command line. But it's far
    better, and avoids the use of the "pointless" forwardings, to just tell
    putty what the actual destination is, i.e. pop.onetel.net:110 and so on.

    --Per Hedeland
    per@hedeland.org

  5. Re: Port forwarding with Putty - I'm stuck

    On 2007-06-28, Dave wrote:
    > all mail refused wrote:
    >> On 2007-06-28, Dave wrote:
    >>
    >>> then if I ssh to my UNIX box whilst on my home network, and set the mail
    >>> server in Thunderbird on my laptop to be localhost on port 30110, I am
    >>> able to send mail OK. But when I am at a remote location, this does not
    >>> work, despite me changing the 192.168.0.10 to the public IP address.

    >>
    >> I notice "port 30110, I am able to send mail OK" but is POP3 involved
    >> in your *sending* of mail?

    >
    > I basically chose ports for services which were 30000 above normal
    > values - hence pop3 is used at port


    But POP3 is normally used to read mail, not to send it. After diverting
    port 30110 I think you needed to test reading mail from the ISP. Similarly
    after changing 30025 test sending it. I'd say the above stage of testing
    is incomplete.

    > The mail or newsgroup clients appear try to connect to the server and do
    > not give a connection refused message. This makes me think they are
    > connecting to a server of some sort, since if I try another port, where
    > I have made no attempt to forward ports, the mail client will report the
    > connection is refused.
    >
    > I can't exactly recall what the settings were, but I did try to ssh to
    > port 30110 of the laptop using an ssh client on the laptop, and I can
    > log into the Sun workstation via that. (This is not what I want of
    > course). This is suggesting that the mail client is probably connecting
    > to an ssh server and since they are not designed for that protocol it
    > can't do anything useful.


    Connecting to a port using telnet or netcat is likely to reveal a bit more.

    > I really don't know what should be entered into Putty - 3 semi-sensible
    > possibilities include:
    >
    > 1) Public IP of my Sun
    > 2) NAT'ed IP of my Sun
    > 3) Public IP of my ISP's mail server.


    And the ever-popular localhost, if it's a value used at the far end.
    I'm unfamiliar with PuTTY's forwarding details.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  6. Re: Port forwarding with Putty - I'm stuck

    Per Hedeland wrote:

    > It should work if you *don't* use the public IP address. The
    > "destination" part is interpreted and "carried out" on the sshd host,
    > i.e. your Unix box, and in many/most NAT setups it's not possible to
    > connect to the "public" IP address from within the NATed network.


    Thank you for that.

    > I.e. you could use the private IP address, or slightly better, use
    > "localhost" and get rid of the -g on the ssh command line. But it's far
    > better, and avoids the use of the "pointless" forwardings, to just tell
    > putty what the actual destination is, i.e. pop.onetel.net:110 and so on.



    OK, although I can't test this remotely at this minute, I removed the
    pointless port forwarding on the Sun, and entered into Putty:

    Source port 30025 Destination smtp.onetel.net:25
    Source port 30110 Destination pop.onetel.net:110
    Source port 30119 Destination news.onetel.net.uk:119


    then set the SMTP, POP3 and NNTP servers in Thunderbird to be respectively:

    localhost:30025
    localhost:30110
    localhost:30119

    I'm able to uses these services properly when on the local LAN, when I
    SSH to the NAT'ed IP address (192.168.0.10) but I've yet to try from a
    remote location when connecting via SSH to my public IP. But hopefully
    that will work. I'll post results when I have them.


  7. Re: Port forwarding with Putty - I'm stuck

    Dave wrote:
    > My broadband service, provided by my ISP (Onetel in the UK), provides me
    > a fixed IP address and gives me access to mail and newsgroups via the
    > POP, SMTP and NNTP servers at my ISP.
    >
    > However, I can only use these from the fixed IP address, so I'm unable
    > to read mail at a WiFi hotspot for example, which I find most
    > inconvenient. I was hoping to get to my ISPs mail servers via a UNIX
    > workstation at home, so I appear to be at an IP address they accept.
    >
    > I'm not exactly sure what I should be doing here, but this is what I
    > have done, and the results to date
    >
    > I've enabled port forwarding in the sshd config file of the UNIX box.
    >
    >
    > If I log into the unix workstation (which is NAT'ed, but with a local IP
    > of 192.168.0.10) and run this command:
    >
    > ssh -g -L 30119:news.onetel.net.uk:119 -L 30025:smtp.onetel.net:25 -L
    > 30110op.onetel.net:110 -L 30080:192.168.0.1:80 192.168.0.10

    I'm not sure if I understand what you want to do but if you only want to
    do some local port forwarding.. you do *not* need this step above. Only
    creating the tunnel from Putty for the server is enought..

    [snip]
    >
    > Now I think I need to tunnel those ports via ssh so I can get at them on
    > my laptop.

    Yes.. for sure
    >
    > In putty, I have set up port forwarding, and have used
    >
    > Source port 30110
    > Destination 192.168.0.10:30110

    Whitout making the tunnel in the server directly .. here you only have
    to do like these local port forward for the session that connect on
    192.168.0.10:
    Source port: 30110
    Destination: pop.onetel.net:110
    +
    Source port: 30025
    Destination: smtp.onetel.net:25
    +
    Source port: 30080
    Destination: 192.168.0.1:80
    >
    > then if I ssh to my UNIX box whilst on my home network, and set the mail
    > server in Thunderbird on my laptop to be localhost on port 30110, I am
    > able to send mail OK. But when I am at a remote location, this does not
    > work, despite me changing the 192.168.0.10 to the public IP address.

    The same thing here... but like someone else told you on another port..
    you have to setup Thunderbird so use the smtp address "localhost" port:
    30025.
    > Should I set up forwarding both on the UNIX box (running that command
    > above) and in putty on the laptop, or should Putty be able to do it all?

    like I said, only with putty is enought... but using the right
    destination address..


    --
    Martin

  8. Re: Port forwarding with Putty - I'm stuck

    Dave wrote:
    > Per Hedeland wrote:


    > OK, although I can't test this remotely at this minute, I removed the
    > pointless port forwarding on the Sun, and entered into Putty:
    >
    > Source port 30025 Destination smtp.onetel.net:25
    > Source port 30110 Destination pop.onetel.net:110
    > Source port 30119 Destination news.onetel.net.uk:119
    >
    >
    > then set the SMTP, POP3 and NNTP servers in Thunderbird to be respectively:
    >
    > localhost:30025
    > localhost:30110
    > localhost:30119
    >
    > I'm able to uses these services properly when on the local LAN, when I
    > SSH to the NAT'ed IP address (192.168.0.10) but I've yet to try from a
    > remote location when connecting via SSH to my public IP. But hopefully
    > that will work. I'll post results when I have them.
    >


    Just to confirm, in case anyone else reads this at a later date, setting
    those as stated, and nothing on the Sun (apart from allowing port
    forwarding in the sshd_config file, this works. I'm sending the from a
    hotel, but my ISP is not aware of it, since I'm going via my Sun
    workstation at home.


  9. Re: Port forwarding with Putty - I'm stuck

    Martin Gagnon wrote:

    > Source port: 30110
    > Destination: pop.onetel.net:110
    > +
    > Source port: 30025
    > Destination: smtp.onetel.net:25


    That is working fine now, with the configuration only done in Putty.
    I've managed to receive email and newsgroups and mail appears to be
    going out, although I've not confirmed for 100% sure it is OK.

    Receiving messages/ newsgroups posts is noticeably slower than a direct
    connection to the POP/SMTP/NNTP servers, but I guess that is not really
    surprising.


+ Reply to Thread