Is there a solution to this network problem?

[game_over]

Is it possible to access SSH/FTP through port tunnelling or proxy or something?

I'm not exactly sure what i'm asking for but the problem i'm facing is: i want to access my home NAS (linux) box from work. However my works proxy is pretty much locked down i can't ftp, ssh, ftps.. everything is pretty much blocked.

I can WebDAV into the box, as expected as this is port 80.. so is there any way i can access ssh/ftp over port 80? Obviously i can't listen on port 80 since it's already in use but i can change the ports to anything else not in use.

WebDAV would be suitable but since it treats all files like http requests it's hard to do web development from the box, if there is an error in the PHP file. then opening the file will just display the error, rather than the code. It's the same with .htaccess files and such, they are blocked from direct http access.

I'm not sure if either solution would be possible:

- Make WebDAV work like FTP... may be some apache configs or something?

- Port tunnelling or some sort of service to allow access to FTP/SSH over a proxy?

I don't need a lecture about trying to go outside of company networks, policies or going around firewalls. I manage the whole network it is the external firewalls whats blocking but the guys who manage it are a nightmare ignore emails and never get the job done. I've been complaining about FTP access for years as we struggle to update our own website, they say it should work, logs say otherwise.. They haven't given me full access to the proxy firewall, even though they should, i've given up trying and want to see if there is another method?

[+BudMan MVC]

And is 443 not open? Just use that port for your ssh/sftp access.

[game_over]

And is 443 not open? Just use that port for your ssh/sftp access.

I believe it is, however when i try to change port on NAS it says 'this port is reserved for other services'

I have disabled HTTPS/SSL but still doesn't work :(

[+BudMan MVC]

Who said anything about the NAS running on 443? Have you router forward 443 to 22. Use a different box to tunnel into your network, then access what you want over that tunnel. Use openvpn to your router/otherbox on 443, then connect to whatever you want, etc.

[+InsaneNutter MVC]

What router do you have? if you have one that runs Tomato or DDWRT you could run the SSH server on port 443 then forward ports to services running on your nas.

I do this as a quick and secure way of connecting to my home server.

[+BudMan MVC]

I use openvpn over 443 to my router, then I can access anything I want on my local network. What is nice about openvpn is you can even bounce it off a proxy if all they do is allow your proxy to access the internet.

Sure you can use ssh as your poor mans vpn, tunnel through it to what you want. If all you need is access to a couple of devices/services on the remote network that works fine. But its much easier when you have access to everything on the remote network without having to create specific tunnels through the ssh connection.

As to your ftp not working -- are you using active or passive? If your running through a double nat - ie your end and the remote end. And there is no helpers on the firewalls to change ports. Server not setup correctly to hand out its public ip, etc. etc. Then yeah you can have issues with that.

Can you not even get the control connection on port 21? Are you trying to use ftps? What ports?

Here is a good writeup on how active and passive ftp work, once you understand how the connections are made in each method it can help you figure out what is not setup correctly on your ftp server to allow access, etc.

http://slacksite.com/other/ftp.html

[game_over]

I have a rubbish Virgin Media SuperHub which is a NETGEAR VMDG480 so i'm not sure what capabilities it will have i'll check when i return home.

VPN will require some reading i'm not 100% on it never done it before however my NAS does have a VPN server capabilities no sure if that would help?

FTP i've tried passive and active;

Blocked logs just show this:

May 30 13:59:20  reject_Trusted/Internet LAN 1? 10.83.112.36 59277 81.100.2X7.XX 21 TCP[/CODE]

Also does this for 22.

[+BudMan MVC]

Where did you pull that log entry from? Your locations firewall/proxy?

Yeah never going to work if you can not connect to the control port. What nas do you have? If it has vpn, I would guess some proprietary vpn -- maybe its openvpn?

Would have to check the manual for your router - but if some modified device for use with a specific isp, they might have removed the bells and whistle type features. Not sure I would call forwarding port X to private ip port Y a bell or even a whistle. But yeah that would make it a bit more difficult if not there, would have to then change the actual listen port on the device running the service -- which might not be an option if some appliance type nas? Do you have any other PC or something you could use to run either SSH or openvpn? So for example you can pickup like a pogo for like $25.

[game_over]

Where did you pull that log entry from? Your locations firewall/proxy?

Yeah never going to work if you can not connect to the control port. What nas do you have? If it has vpn, I would guess some proprietary vpn -- maybe its openvpn?

Would have to check the manual for your router - but if some modified device for use with a specific isp, they might have removed the bells and whistle type features. Not sure I would call forwarding port X to private ip port Y a bell or even a whistle. But yeah that would make it a bit more difficult if not there, would have to then change the actual listen port on the device running the service -- which might not be an option if some appliance type nas? Do you have any other PC or something you could use to run either SSH or openvpn? So for example you can pickup like a pogo for like $25.

That log is from my works cachepilot/proxy from when i try to connect to anything except http/https on my works network.

I have a QNAP TS219P II and it has OpenVPN - the information on that: http://docs.qnap.com/nas/en/vpn_service.htm?zoom_highlightsub=vpn

My router definitely has some sort of port forwarding features.

[+BudMan MVC]

Well I would hope it have port forwarding ;) But can you forward port X to port Y is the question, this is not an uncommon feature - really should be standard type setup.. But you never know with these isp modified devices.

If your nas supports - the question is can you get it to listen on tcp port X vs the standard udp openvpn 1194 port.

If you can get it to listen and use tcp on 443 then you should be be good to go with openvpn setup.

[game_over]

I'm not sure here is the admin screens:

http://screenshots.portforward.com/routers/Virgin_Media/CG3101D/Port_Forwarding.jpg

http://1.bp.blogspot.com/-Het12XEXyVM/Tw24KPP0bBI/AAAAAAAAAcA/TCwzuTkPdR0/s1600/001%252520%25282%2529%255B3%255D.png

When i try to set OpenVPN Server port to TCP 443 on the NAS it says the same 'This port is reserved for other services' - That's so annoying considering i've disabled everything it uses.

[olger901]

Are you sure you're forwarding your ports properly? SImply tried rebooting or updating the firmware?

Next to that, I'm not sure whether you've got a consumer or business membership, but I suspect Virgin might be using the port for some sort of remote management of the router. Have you to just use tcp port 80 or tried using another router? I'd like to suggest using a router that can be flashed with DD-WRT or OpenWRT or a professional router with Cisco IOS (not the SOHO/SMB crap), because it offers advanced options and lets you mimic most requirements or special settings required by an ISP (not sure how closed down Virgin is).

Another 'dirty' solution would be using a reverse NAT based rule that would publish your data to another external (3rd party) service that offers access through the webbrowser in case you really need it, but securitywise this is generally not a good idea.

Another 'dirty' solution would be just to open a port on the router (not forwarding it to anything, if your router supports it), then connect to your router on that source port and sort of re-direct the traffic to another destination port (with an SSH client or some sort of client which would support it ofc).

[remixedcat]

some ISPs are blocking this for some reason... it could also be the router's firmware...

[game_over]

Yes forwarding ports correctly the NAS does it automatically as soon as i change port on a service it automatically updates on the router i've confirmed it works. rebooted yes firmware is latest.

i think VM use 8080 for remote.

I've tried connecting to VPN on some known unused ports but no joy at all, i need 443 but the stupid NAS won't take it.

I'm going to check on their support forums to see if there is a way to free it or change from the command line.

Other than that i think my only option is tunneling on port 80 or 443? to 22 or whatever on my NAS. but still struggling with this?

[+PeterUK MVC]

The SuperHub port forwarding is hopeless and does not support what you want for mapping external port to different internal port better to just get your own router really.

For tunnelling you could use FreeProxy.

http://www.handcraftedsoftware.org/index.php?page=download&op=getFile&id=2&title=FreeProxy-Internet-Suite