>       On Fri, 7 Jul 2000, Theo Van Dinter wrote:
>
>       > On Thu, Jul 06, 2000 at 10:13:16AM -0500, [EMAIL PROTECTED] wrote:
>       > > I CAN'T connect to machine "C" from machine "A", however, and I suspect that
>       > > it is our corporate firewall that is to blame ... here is a transcript of the
>       > > failed session:
>       > 
>       > more than likely.
>       > 
>       > > debug: Allocated local port 832.
>       > 
>       > w/ firewalls, always use the -P (non-priv port) option
>
>       I tried the "-P" option, and got the exact same results.
>
>
>       > > $ telnet B
>       > > Trying xxx.xxx.xxx.xxx...
>       > > Connected to B.our-corporate-domain
>       > > Escape character is '^]'.
>       > > hhhhh telnet proxy (Version 5.5) ready:
>       > > tn-gw-> close
>       > > Connection closed by foreign host.
>       > > 
>       > > [tom@id tom]$ telnet B 22
>       > > Trying xxx.xxx.xxx.xxx...
>       > > telnet: Unable to connect to remote host: Connection refused
>       > 
>       > why are you trying to connect to box B?  shouldn't you be doing "telnet C
>       > 22"?  It doesn't matter if the firewall is connectable.
>       > 
>
>       I was just trying to show that the B box (our corporate firewall)
>       appears to be blocking port 22, and yes, I did try telnet C 22:

Trying to connect to B.22 just shows that B has nothing running on port 22.  This
is completely different than blocking port 22.  A router/firewall doesn't have to be
running anything on port 22 (or it could be).  It can still pass or block packets headed
for <any address>.22 or <outside addresses>.22 or <inside addresses>.22.  It could be
set up to pass/block (filter) <from-to address combinations>.22.

So it could accept B.22 and deny <all others>.22.  The filtering rules can be done without
regard for what ports are being serviced by B.  (Coordination would be nice BUT, not
necessary. i.e. - if they block B.80 then there is no point in running a default port web
server on B but, you could ... it just wouldn't get any connections.)

Can you run sshd from your home (or some machine you can control) <machine D>?  If so,
try starting it with "-p 22222" and then from work use "ssh <machine D> -P -p 22222".  
That should tell you how heavily your corporate firewall is filtering things.

Paul

>       $ telnet C 22
>       Trying xxx.xxx.xxx.xxx...
>       telnet: Unable to connect to remote host: Connection refused
>
>       Tom
>
>
>
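
As an added illustration, not part of the original thread: a small Python probe that records how a TCP connect ends (accepted, refused, or unanswered) and, for a host you control that listens on every probed port (the "machine D" test above), lists the ports that fail from where you sit. The function names and the loopback demo are constructed for this example; a refusal can come from the target itself or from a filtering device that actively rejects, so a single result does not say where the block is.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify how it ended."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: reachable and listening
    except socket.timeout:
        return "no-answer"     # nothing came back: typical of a silent drop
    except ConnectionRefusedError:
        return "refused"       # a reset came back: no listener, or an active reject
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"
    finally:
        s.close()


def filtered_ports(outcomes):
    """Given {port: outcome} for a host known to listen on every probed port,
    return the ports that did not connect, i.e. candidates for path filtering."""
    return sorted(p for p, r in outcomes.items() if r != "open")


def demo():
    """Constructed loopback demo: probe a port while a listener exists,
    then again after the listener is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # ephemeral port chosen by the OS
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port, timeout=2.0)
    srv.close()
    after_close = probe("127.0.0.1", port, timeout=2.0)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())
    # Constructed sample result for a controlled host listening on 22 and 22222
    print(filtered_ports({22: "refused", 22222: "open"}))
```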
