[Novalug] determining where a port is blocked

DonJr djr1952 at hotpop.com
Wed Nov 14 08:56:14 EST 2007


On Wed, 2007-11-14 at 07:29 -0500, gregory pryzby wrote:
> What am I missing or not communicating?
> 
> From what I can tell, only port 22 is getting to imap.pryzby.org
>
> on laptop.pryzby.org (somewhere on the web)
>    ssh -2 -L 143:imap.pryzby.org:22 (since only 22 is allowed in)
>    MUA uses 127.0.0.1:143
> on imap.pryzby.org
>    have imapd listen on 22
> 
> And now NO ssh shell access, correct?

You would set the above combo up this way:
  On imap.pryzby.org
    sshd  is set up the default way, listening for connections on port 22
    imap  the imap server is set up to listen on port 143

 So that user at imap.pryzby.org can do the following:
    imap://user@127.0.0.1/mailbox  # and the user can see their mail
 
and they can open an ssh shell locally if they wish with the default syntax:
     ssh user@127.0.0.1

NOW for the LAPTOP{.PRYZBY.ORG} user:
  They would first open an ssh connection this way:
    ssh -2 -N -L 143:127.0.0.1:143  imap.pryzby.org
      { If they DON'T also want shell access, also. }
   Or
    ssh -2 -L 143:127.0.0.1:143  imap.pryzby.org
     {if they WANT a shell.}     # the difference is the '-N' option

Either way on the LAPTOP once one or the other ssh connection was
connected to talk to the IMAP server running on imap.pryzby.org you
would simply access as if the imap server was {now} running on the
localhost(laptop) (ie):
   imap://greg@127.0.0.1/mailbox

Do note that by default on Linux based systems only root can open a
listening port below 1024 and that is why it is common to use 1143 to
forward imap service so you would normally use the following combo:

 greg@laptop$  ssh -2 -L 1143:127.0.0.1:143  imap.pryzby.org

and to access the forwarded imap connection tell your mail client to use:
   imap://greg@127.0.0.1:1143/mailbox

Does this explain the setup more clearly?

It's possible to carry multiple streams of data over one ssh
connection.

For even more details {and also a few pretty pictures} see:
  "SSH Port Forwarding"
<http://www.onlamp.com/pub/a/onlamp/excerpt/ssh_11/index3.html>

Or Google on: ssh imap forwarding mutt
and take your pick.

--  
-- 
 Don E. Groves, Jr. 

$ /usr/games/fortune : 
ROMEO: Courage, man; the hurt cannot be much. 

MERCUTIO: No, 'tis not so deep as a well, nor so wide 
as a church-door; but 'tis enough, 'twill serve. 
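
Added example, not part of the original message: a bash sketch that builds the forward described above and checks which service answers on the forwarded port, so a forward that lands on sshd (as in the quoted `143:imap.pryzby.org:22` attempt) is told apart from one that reaches imapd. The function names, the "+1000" port rule generalised from the 143 -> 1143 case, and the `ExitOnForwardFailure` option are assumptions of this example; host and ports are the ones in the message.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the thread.

# Ports below 1024 need root to listen on, so an unprivileged user gets
# the "+1000" equivalent (143 -> 1143). The rule is this example's assumption.
local_port_for() {    # usage: local_port_for <remote_port> <uid>
  local port=$1 uid=$2
  if [ "$uid" -ne 0 ] && [ "$port" -lt 1024 ]; then
    echo $((port + 1000))
  else
    echo "$port"
  fi
}

# Print the ssh command. want_shell=no adds -N (forward only, no shell).
# The listener is bound to 127.0.0.1 explicitly so the forward is not
# reachable from other hosts, and ssh exits if the forward cannot be set up.
tunnel_cmd() {        # usage: tunnel_cmd <host> <remote_port> <uid> <yes|no>
  local host=$1 rport=$2 uid=$3 want_shell=$4 lport opts="-2"
  lport=$(local_port_for "$rport" "$uid")
  if [ "$want_shell" = "no" ]; then opts="$opts -N"; fi
  echo "ssh $opts -o ExitOnForwardFailure=yes -L 127.0.0.1:$lport:127.0.0.1:$rport $host"
}

# Classify the first line a server sends: IMAP greets with "* OK" or
# "* PREAUTH", sshd with "SSH-<version>".
classify_banner() {   # usage: classify_banner <first_line>
  case $1 in
    "* OK"*|"* PREAUTH"*) echo imap ;;
    SSH-*)                echo ssh ;;
    "")                   echo none ;;
    *)                    echo unknown ;;
  esac
}

# Read the greeting through the local end of the forward (needs bash for
# /dev/tcp) and say what is listening at the far end.
probe_forward() {     # usage: probe_forward <local_port>
  local line
  line=$( (IFS= read -r -t 5 l < "/dev/tcp/127.0.0.1/$1" && printf '%s' "$l") 2>/dev/null )
  classify_banner "$line"
}

# Typical use on the laptop:
#   $(tunnel_cmd imap.pryzby.org 143 "$(id -u)" no) &
#   probe_forward "$(local_port_for 143 "$(id -u)")"
```

A result of `ssh` from `probe_forward` means the forward ends at sshd rather than the IMAP server; `none` means nothing answered within five seconds.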


