[NTLUG:Discuss] ssh port forwarding revisted...

[Chris Cox]

Tom Woody wrote:

>I currently use ssh port forwarding for checking email on a server I control (set my pop client to check email on port 2110 which is forwarded to my mail server port 110) simple.  I also send email this way (send email on local port 2025 which is forwarded to mailserver port 25).  This works out very well and keeps my pop3 traffic secure.
>
>Now I want to expand this and I think I remember hearing about this from Madhat's presentation on ssh, but I have incomplete notes, and I haven't found any resources on the net with the info.  AT&T cable has pop3 email servers, but you cant access those servers except from the AT&T network - or by using strange port configs that I just don't want to have to deal with. So...
>
>I want to use ssh to forward a local port on my workstation here at work, to my firewall at home (running OpenBSD), where it would act as a pass through.  Is this even possible, I have looked for all I can for the ssh -R and ssh -L, but I can't find anything that gives any good information.
>
>for the ascii people out there  - 
>WorkMachine==============Home firewall------------------AT&T Mail servers
>                ssh                      normal pop3
>
>Let me know if its unclear what I am trying to do...
>
On WorkMachine... something like...

# ssh -2 -N -f -L 110:localhost:110 user at home-bsd-machine

(user here probably has to be root since 110 is involved... but I guess 
anything
is posible)

The local 110 port on WorkMachine should now be forwarding to
110 on home-bsd-machine via an SSH tunnel.

A more direct route, if you can hit 110 from your WorkMachine is to
use an SSL pop (spop) tunnel directly to mail.attbi.com....

# stunnel -c -d 110 -r mail.attbi.com:995

This would establish a 110 pop port that SSL tunnels to the secure
pop at attbi.com.  I access my AT&T email this way from work
all of the time.