
Find a good port to SSH out from while on a client behind the firewall?

  • 10-10-2010 11:16am
    #1
    Closed Accounts Posts: 5


    I have in the past been able to SSH out from this client, which is behind a firewall, on port 22 and other non-standard ports, but today I am having trouble using 55555 and 22.

    The firewall itself is not on the client, it's somewhere else on the network where I do not have access.

    Is there a scan of some kind I can do to see which ports I would be able to SSH out on, if any?

    Thanks


Comments

  • Registered Users Posts: 1,340 ✭✭✭bhickey


    Apart from ports 80 and 443, which will almost certainly be allowed, you might be able to guess from the applications that you know people are running at that site. It's also possible, however, that your particular computer's connection might have more restrictions applied to it than others, especially if you're only visiting the site.


  • Closed Accounts Posts: 5 sohcahtoa


    Thanks

    So does that also mean I could use, say, :80 because that will definitely be open? Also, since I won't have access to my SSH server until I've left here, is there any way to test ports?

    That is, I have to open the new ports to test on my firewall at home, and set the SSHD config to listen to them.


  • Registered Users Posts: 1,340 ✭✭✭bhickey


    sohcahtoa wrote: »
    So does that also mean I could use say :80 because that will definitely be open?

    If you can access websites then port 80 is open. If you want to try port 80 for your SSH purposes then you will have to change the SSH server at the other end to listen on port 80 and forward requests on port 80 to the server if it's behind a firewall.

    Also, since I won't have access to my SSH server until I've left here, is there any way to test ports?

    Not easy as you'd have to check each port on some external service that you know for sure is listening on that port. Can you just ask one of the local IT guys which ports aren't blocked?


  • Registered Users Posts: 141 ✭✭noclee


    I set up my SSH server to listen on port 443 to access it out through the corporate firewall/proxy. 443 & SSH are both encrypted so no alarms should sound. On the other hand, you could also use port knocking with iptables.

    Tks,
    Noclee.


  • Closed Accounts Posts: 5 sohcahtoa


    noclee wrote: »
    I set up my SSH server to listen on port 443 to access it out through the corporate firewall/proxy. 443 & SSH are both encrypted so no alarms should sound. On the other hand, you could also use port knocking with iptables.

    Tks,
    Noclee.

    Yeah, port knocking is something I've been planning to look into. That said, the problem here seems to be client side, rather than the ports on the SSHD, because I have complete control over them.


  • Registered Users Posts: 2,426 ✭✭✭ressem


    If you're meant to be doing work at the site, it'd be polite and avoid misunderstandings for you to ask the IT personnel to add a firewall rule from IP A to IP B using service C for days D.

    Those are the rules that visiting auditors etc. need to follow to allow them to connect to their office using Cisco VPN software etc.


  • Registered Users Posts: 2,534 ✭✭✭FruitLover


    bhickey wrote: »
    If you can access websites then port 80 is open

    Not necessarily - he could be going out via a web proxy.

    OP, aside from taking ressem's advice above on board, try telnetting directly to a website and see if you're able to establish a connection.


  • Closed Accounts Posts: 5 sohcahtoa


    The proxy that Firefox and IE automatically configure themselves with is dbprox45.office.local:8080

    The version of IE installed doesn't have a SOCKS setting, but Firefox shows it as SOCKS 4.

    I've entered these details into PuTTY but it still won't connect to the SSH server.

    Tried ports 22, 80, 8080, 443, 555, 55555, all with and without the proxy set; previously it worked fine with no proxy set on port 22.

    Nmap won't install on this machine, probably because of the lack of admin rights.

    Any suggestions how I can resolve this from the local machine without access to the Firewall or the ability to change any settings on it?


  • Registered Users Posts: 2,797 ✭✭✭runswithascript


    If one can access websites using a proxy, and even use the likes of an SSH java applet on a website to connect to a remote server, surely there is some way PuTTY can SSH out using the same source port and proxy?


  • Registered Users Posts: 2,797 ✭✭✭runswithascript


    A solution may be the HTTP and Telnet proxy options in PuTTY's settings rather than the SOCKS ones, and also for testing purposes connecting to an actual IP instead of a hostname to rule out the DNS lookup method as an issue.


  • Registered Users Posts: 141 ✭✭noclee


    Try proxy type none; the SSH server would have to be listening on port 80 or 443 to pass through the proxy... I think 443 would be a better option.

    Tks,
    noclee


  • Registered Users Posts: 2,797 ✭✭✭runswithascript


    Okay, firstly, let it be known I was the original poster, but due mostly to reasons unrelated to this thread I could not access my account, although the fine boards.ie staff have remedied this for me.

    Setting proxy type in PuTTY to none didn't help, which made sense because if I set a browser to none it can't view any webpages, although it used to be able to up until recently.

    Fortunately setting the proxy type to HTTP did work! Huzzah! :pac:

    Also, even though I don't have to enter a username and password for the on site proxy when using Firefox or IE normally, I did have to enter one in PuTTY for it to work, which happily turned out to just be my LAN username and password.

    I can access Gmail now without any hitches, and Facebook seemed to work but most people's avatars were appearing as a small denied graphic, and even in Gmail where it was telling me I received a new friend request, the mail looked fine but the little avatar in the mail was that pesky 'denied' graphic!

    What's more, mousing over this icon in Facebook or Gmail showed a facebook.com address, so I can't understand why FoxyProxy with a set whitelist of *.facebook.com/* tunnels enough down SSH for the site to mainly load but not enough for these avatars and other small graphics?

    I then upgraded Firefox and Facebook has become even worse, and rolling back unfortunately didn't help, please see the attachment of a screenshot and offer suggestions if you have any.

    The on site HTTP proxy is port 8080, and I use the same port to connect to my SSH server at home as I know users behind the firewall actively use that port out to access CPEs over SSL (https) all the live long day.
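    noclee's post above says SSH on 443 through the proxy should raise no alarms, and this post tunnels SSH to 8080 through the on-site HTTP proxy; as an added example that is not from the thread, here is the defender-side check that shows why neither looks like HTTPS to a proxy that reads the first bytes of a tunnel: SSH opens with a plaintext version banner, while HTTPS opens with a TLS handshake record. The CONNECT requests, hostnames and the PuTTY banner string below are constructed samples.

```python
import re

# Constructed samples: a CONNECT request as an HTTP-proxy-aware client sends it,
# then the first bytes the client writes once the proxy has opened the tunnel.
SAMPLE_FLOWS = [
    (b"CONNECT mail.example.com:443 HTTP/1.1\r\nHost: mail.example.com:443\r\n\r\n",
     b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 20),   # TLS ClientHello
    (b"CONNECT home.example.net:8080 HTTP/1.1\r\nHost: home.example.net:8080\r\n\r\n",
     b"SSH-2.0-PuTTY_Release_0.60\r\n"),                                # SSH banner
]

SSH_BANNER = re.compile(rb"^SSH-(?:1\.99|2\.0)-[^\r\n]+\r?\n")
CONNECT_LINE = re.compile(rb"^CONNECT\s+([^\s:]+):(\d+)\s+HTTP/1\.[01]\r?\n")
HTTP_METHOD = re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) ")


def classify_first_bytes(data: bytes) -> str:
    """Identify the protocol from the first client bytes of a flow."""
    if SSH_BANNER.match(data):
        return "ssh"  # the version exchange is plaintext, before any encryption
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x03 and data[5] == 0x01):
        return "tls"
    if HTTP_METHOD.match(data):
        return "http"
    return "unknown"


def parse_connect(request: bytes):
    """Return (host, port) from a CONNECT request line, or None if not CONNECT."""
    m = CONNECT_LINE.match(request)
    return (m.group(1).decode("ascii"), int(m.group(2))) if m else None


def audit_tunnel(request: bytes, first_payload: bytes) -> dict:
    """Flag a CONNECT tunnel that is not HTTPS: odd destination port or non-TLS payload."""
    target = parse_connect(request)
    proto = classify_first_bytes(first_payload)
    flags = []
    if target is None:
        flags.append("not-a-connect")
    elif target[1] != 443:
        flags.append(f"connect-to-port-{target[1]}")
    if proto != "tls":
        flags.append(f"non-tls-in-tunnel:{proto}")
    return {"target": target, "protocol": proto, "flags": flags}


if __name__ == "__main__":
    for req, payload in SAMPLE_FLOWS:
        print(audit_tunnel(req, payload))
```

The second sample is flagged twice (non-443 destination and an SSH banner inside the tunnel); the first passes as ordinary HTTPS.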


  • Registered Users Posts: 2,797 ✭✭✭runswithascript


    Anybody?

    Might be some sort of DNS poisoning on the firewall, as I have PuTTY connecting through the office proxy to access my SSH server at home?


  • Registered Users Posts: 2,797 ✭✭✭runswithascript


    Okay, after confirming I do in fact have 'perform remote DNS lookups on hostnames loading through this proxy' enabled in FoxyProxy, and setting network.proxy.socks_remote_dns to true in Firefox's about:config, Facebook now loads fully, and consistently when 'Use proxy 'SSH tunnel home' for all URLs' is enabled (or when it's the single proxy enabled in Firefox's default proxy settings).

    The single remaining problem I have is getting it to work by pattern, as in I can set URL wildcards for pages to be loaded automatically through one proxy or another.

    Having a rule set for every domain visible in Tools > Page info > media (when on Facebook) doesn't do it.

    i.e. *.facebook.com/*

    http://static.ak.fbcdn.net/rsrc.php/z7/r/5875srnzL-I.ico <- many media sources like this for which I created the rule:

    *.fbcdn.net/*

    It of course picks up the pattern partially, as about 5-10% of what should load on the page does so, but somehow I am missing the source of some of the media on Facebook because it's still being firewalled/DNS poisoned. Is there any way I can detect the domains I need to add a pattern for when on Facebook?


  • Registered Users Posts: 2,787 ✭✭✭accensi0n


    Is this for something work related or are you violating security policies?


  • Registered Users Posts: 2,797 ✭✭✭runswithascript


    accensi0n wrote: »
    Is this for something work related or are you violating security policies?

    It's to see if it can be done smoothly.

    They don't cover what I'm doing in the CCNA, but maybe you still have something to contribute?

    As of today all websites previously inaccessible work fine, including Facebook, but being done smoothly means switching proxy automatically by pattern, and there's something special about the block/DNS poisoning on Facebook that, as of the time of writing, is preventing the fully automatic tunneling of every piece of media on that website in particular - see screenshot.

    Spent the last hour or so analysing packets in and out with Wireshark when a connection to www.facebook.com is made, and once logged in.


  • Registered Users Posts: 2,797 ✭✭✭runswithascript


    Resolved and working when set to use one proxy for all URLs, and when set to detect which proxy to use by patterns *facebook* and *fbcdn*.

    The issue was a corruption in Firefox Portable causing it to undo my setting of network.proxy.socks_remote_dns in about:config to true. Reinstall fixed it.

    Thank you all for input.

