[NBLUG/talk] Any simple mechanism to control devices behind firewalls without port forwarding?

Omar Eljumaily omar at omnicode.com
Mon Feb 16 09:56:49 PST 2015


Eric, thanks.  I believe ssh tunnels will work.  I think I also need to 
use iptables for local forwarding to and from the actual device from the 
ssh tunneling machine.   I don't know, though, because obviously I'm 
unfamiliar with ssh tunneling.

Thanks,

Omar


On 2/13/2015 8:36 AM, Eric Eisenhart wrote:
> Omar,
>
> Ssh can run tunnels, both specific (port forward) and generic (SOCKS 
> proxy).
>
> On Fri Feb 13 2015 at 6:25:19 AM Omar Eljumaily <omar at omnicode.com> wrote:
>
>     Thanks Robert.  The device doesn't support running processes on it. My
>     understanding of ssh is that it can run shell based processes, but not
>     generic tunnels.  pptp or ipsec would work, but that would involve
>     modifying the host firewall in a way that is more complex than the
>     port forward.
>
>     Thanks,
>
>     Omar
>
>
>     On 2/12/2015 4:26 PM, Robert P. Thille wrote:
>     > On 02/12/2015 01:57 PM, Omar Eljumaily wrote:
>     >> I have to put a device behind a firewall, and they don't know
>     how to do a port forward at the site.  I don't think they want me
>     to mess with their firewall
>     >> either.  The device supports SNMP apparently.
>     >>
>     >> I was thinking that I could rig something up where I put in an
>     intermediary device on their network that sends messages out every
>     minute or so talking to a
>     >> server that will relay messages back to the device. Once I get
>     a hit at the server, the messages can go faster than once a minute.
>     >>
>     >> Is there anything that does this already?  It seems like it
>     would be handy since there are an increasing amount of monitoring
>     devices that people want
>     >> installed and controlled, and I don't think people want to
>     punch a hole in their firewalls for each device.
>     > You could have a process on the device behind the firewall which
>     periodically checks for messages at a queue outside the firewall.
>     >
>     > Or, if the device doesn't allow that, you can use the 3rd device
>     idea. But you could use an SSH tunnel instead of what you
>     described and have basically full
>     > network access to the device.
>     >
>     > Robert
>     >
>
>     _______________________________________________
>     talk mailing list
>     talk at nblug.org
>     http://nblug.org/cgi-bin/mailman/listinfo/talk
>
>
>
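
The ssh tunnel approach discussed in this thread, shown as an added example that is not part of any poster's message: a reverse tunnel started from the intermediary machine on the site LAN, so only an outbound ssh connection crosses the firewall. The relay host, account, ports, device address and key path are assumed placeholders, and the device is assumed to expose a TCP service.

```shell
#!/bin/sh
# Added example, not from the thread. Runs on the intermediary machine on the
# site LAN. Every host, user, port and path below is an assumed placeholder.
RELAY_HOST="relay.example.org"  # outside server you control
RELAY_USER="tunnel"             # unprivileged account on that server
RELAY_PORT=18080                # listener opened on the relay
DEVICE_IP="192.168.1.50"        # device behind the firewall
DEVICE_PORT=80                  # TCP service on the device (ssh forwards TCP only)
KEY_FILE="${HOME}/.ssh/tunnel_ed25519"

# On the relay, limit what this key may do in ~tunnel/.ssh/authorized_keys:
#   restrict,port-forwarding,permitlisten="127.0.0.1:18080" ssh-ed25519 AAAA...

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the -R argument. Binding to 127.0.0.1 keeps the forwarded port off the
# relay's public interface; the target is the device itself, reached directly
# from this machine.
tunnel_spec() {
    valid_port "$RELAY_PORT" && valid_port "$DEVICE_PORT" || return 1
    printf '127.0.0.1:%s:%s:%s' "$RELAY_PORT" "$DEVICE_IP" "$DEVICE_PORT"
}

# Hold the tunnel open; if the connection drops, wait and reconnect.
run_tunnel() {
    spec=$(tunnel_spec) || { echo "bad port setting" >&2; return 1; }
    while :; do
        ssh -N \
            -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
            -o IdentitiesOnly=yes -i "$KEY_FILE" \
            -R "$spec" "${RELAY_USER}@${RELAY_HOST}"
        sleep 10
    done
}

# Start only when called as "script.sh run", so the functions can be sourced.
if [ "${1:-}" = "run" ]; then
    run_tunnel
fi
```

With the tunnel up, a connection made on the relay to 127.0.0.1 port 18080 reaches the device's port 80.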
