My college network somehow disallows incoming connections. (I can SSH out of the network, but not into it.)

I'm trying to set up an SSH tunnel from my school computer ("school") to a VPS "computer" ("outside") which is outside the school network.

I'm hoping to get to the point where I can do

ssh -p 3000 name@outside

and end up logged into name@school.

Here's how I'm trying to set up the remote port forwarding:

[name@school]$ ssh -R *:3000:localhost:22 outside

This command seems to work. (Running this with a -v flag gives

debug1: Remote connections from *:3000 forwarded to local address localhost:22
debug1: remote forward success for: listen 3000, connect localhost:22
debug1: All remote forwarding requests processed

which looks promising.)

However, when I follow up with a

ssh -p 3000 name@outside

it doesn't work:

ssh: connect to host outside port 3000: Connection refused

I can open up a netcat on the outside server and listen at port 3000, then connect to it with netcat from my school computer--this works fine. If I try to make an SSH tunnel from, say, outside:3000 to school:2000, then try to connect with netcat to outside:3000, I get

nc: connect to outside port 3000 (tcp) failed: Connection refused

The procedure above fails also if I try it between two computers on the school network, so I'm pretty sure the problem is me and not the computers/network.

Many thanks in advance for your help! (edit: sorry, looks like this should go on serverfault?)

  • After resolving the port questions mentioned below you may want to try to connect by logging into the outside machine first and then ssh -p 3000 localhost and see how that goes. That will help track down where the connection is failing. –  Feb 06 '11 at 06:12
  • @Matt: ssh -p 3000 localhost (from the outside computer) works. ssh -p 3000 outside (from the school computer) doesn't. Thanks for the tip. –  Feb 06 '11 at 06:20

2 Answers

The university's firewall is blocking the connection. This is common to prevent misuse and to stop malware from propagating servers via BotNet methods. This is the same reason why most universities block IRC, as it is commonly used to communicate data back to the master.

  • Also, try a different port. http://www.auditmypc.com/port/tcp-port-3000.asp will explain why. –  Feb 06 '11 at 06:08
  • I know they're at least blocking some things (like I can't ssh to my school computer from outside the school network), I'm not sure what all, exactly, or how. But I figure there must be a way to set up a tunnel to the outside world (as long as the tunnel is initiated from within the network). I hope, at least! And thanks for the port change tip, I picked a different one and it still doesn't work. –  Feb 06 '11 at 06:23

From your own comment that you can do ssh -p 3000 localhost and it works, your method is valid. Somewhere along the line your connection to that outside host is being blocked. It is possible that the school is for some reason blocking any outgoing traffic on port 3000, or there is a firewall/acl on the 'outside' host that is blocking the connection. Another remote possibility is that the ISP of that outside is blocking the connection.

Try connecting from another outside host to it and see if that works. If it does, then your school is blocking it (which would be really odd, but school networks generally are). Otherwise take a look at the firewall rules on that outside host to see if it's blocking it. Unfortunately for that last case of the ISP blocking, there's no real easy way to tell if it's the ISP blocking, or the machine itself.

phemmer
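
An added example, not part of the original thread: the comments report that ssh -p 3000 localhost works on the outside host while remote connects are refused, which is also what a loopback-only listener looks like (OpenSSH's sshd binds -R forwards to loopback unless GatewayPorts in sshd_config permits otherwise). The function name and both ss -tln samples are constructed for illustration.

```shell
#!/bin/sh
# Classify where a TCP port is listening, given `ss -tln` output on stdin.
# Prints: not-listening | loopback-only | specific-address | all-interfaces
forward_bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") wild = 1
            else if (addr != "127.0.0.1" && addr != "[::1]") other = 1
        }
        END {
            if (!found)     print "not-listening"
            else if (wild)  print "all-interfaces"
            else if (other) print "specific-address"
            else            print "loopback-only"
        }'
}

# Constructed sample: "outside" with sshd's default GatewayPorts setting (no).
sample_default() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:3000      0.0.0.0:*
LISTEN  0       128     [::1]:3000          [::]:*
EOF
}

# Constructed sample: the same forward when sshd honours the "*:" bind request.
sample_gateway() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:3000        0.0.0.0:*
LISTEN  0       128     [::]:3000           [::]:*
EOF
}

echo "default sshd : $(sample_default | forward_bind_scope 3000)"
echo "gateway ports: $(sample_gateway | forward_bind_scope 3000)"
# On the real host, while the tunnel is up: ss -tln | forward_bind_scope 3000
```

A loopback-only result explains the refusal by the bind address alone; an all-interfaces result with a refusal points back at the firewall checks described in the answer above.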