[TriLUG] SSH port forwarding and netfilter

zzd zzd at nc.rr.com
Mon Aug 11 16:13:13 EDT 2003


On Monday August 11 2003 03:35 pm, B Smith wrote:
> Here's the question. Say I'm connecting to a remote IMAP server that
> also runs SSH, and I want to forward all of my traffic through an
> encrypted tunnel. From my local client I would issue something like
> this: ssh -2 -f -L 3333:remoteserver:143 myaccount@remoteserver sleep
> 600, and then redirect my local IMAP client to port 3333 on my
> own machine. I'm curious as to what happens to the packets after sshd
> on the remote server gets them. Would they be decrypted and treated
> like any other packet arriving on the interface, going through all of
> the iptables rules and such?
> Thanks for the help.

We just did something similar to connect to a PostgreSQL database using
an SSH tunnel. Once the packets arrive on the other side of the SSH
tunnel, the request looks like it is a local request, i.e. as if it
were on a shell on the server connecting to the database. This was neat
as we had the Postgres security set to accept only those connections
from the server's IP address, in addition to blocking port 5432 (for
Postgres) to the server.

IMAP (or some other protocol) would not function any differently, so any
rules that you have set checking packets from the server's IP address
would apply.

z
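
A small model of the behaviour described in the reply above, added here as an example (it is not from the original thread and it is not ssh itself): a relay stands in for sshd handling a forwarded port, and a second listener stands in for the IMAP service. The function names, the greeting and the 127.0.0.2 client address are constructed for the demonstration.

```python
import socket
import threading

def run_demo():
    """Return (client_addr, peer_seen_by_service, greeting) for one forwarded connection."""
    seen = []

    # Stand-in for the IMAP daemon on the server: records who connected to it.
    service = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, peer = service.accept()
        seen.append(peer)
        conn.sendall(b"* OK constructed greeting\r\n")
        conn.close()

    # Stand-in for sshd handling a forwarded port: for each tunnelled
    # connection it opens a NEW TCP connection to the target service.
    relay = socket.create_server(("127.0.0.1", 0))
    def forward():
        inbound, _ = relay.accept()
        outbound = socket.create_connection(service.getsockname())
        inbound.sendall(outbound.recv(1024))
        outbound.close()
        inbound.close()

    threads = [threading.Thread(target=serve), threading.Thread(target=forward)]
    for t in threads:
        t.start()

    # The "remote" client. 127.0.0.2 gives it a distinct source address on
    # Linux; on other systems fall back to the default loopback address.
    client = socket.socket()
    try:
        client.bind(("127.0.0.2", 0))
    except OSError:
        pass
    client.connect(relay.getsockname())
    client_addr = client.getsockname()
    greeting = client.recv(1024)
    client.close()
    for t in threads:
        t.join()
    service.close()
    relay.close()
    return client_addr, seen[0], greeting

if __name__ == "__main__":
    client_addr, peer, _ = run_demo()
    print("client socket:      ", client_addr)
    print("service saw peer as:", peer)
```

The service only ever sees the relay's own address and port, which is why source-address rules on the server are evaluated against the server's address rather than the remote client's.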


