October 23rd, 2003, 12:20 AM
Ahhh..... Now we get to the crux of the matter..... Why didn't you ask this in the first place? Then a whole bunch of people wouldn't have been "shooting in the dark".
i'm going to try to set up an http/mail/ftp proxy on an old slack box. i shouldn't have a problem setting up the ssh to listen for my client (on standard or non-standard port) what i need clarification w/ is
1. when the ssh makes the request on behalf of my client. how can it identify the requested service (how can ssh determine if i need mail or to browse)
2. if you guys say that the outbound port in regular straightforward connection is "randomly" chosen...
a) does that hold true for all services (ftp, http, snmp)?
b) if so, will ssh choose randomly too or will it use the same socket for all services?
c) if not, can i make it choose randomly like a true browser
d) if not, can i set certain outbound ports
3. will every server understand ssh encryption?
4. will i be able to run java, shockwave, active x and everything else as in straight connection
Hopefully someone can now give you a definitive answer to your questions..... 'Cos I can't....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
October 23rd, 2003, 01:55 AM
How will that be any different other than adding an additional step? No matter what, the source port will be on a different high port and the connections on the destination will be on the IANA assigned (typically) port for the listening service. If your statement was correct, each connection would hit a different destination port. So then, a web server would accept one connection on 80, then another on 81 and so on? That is laughable.
I think it would be better proved to open one, do netstat, close it, then do the other. Because if you do them at the same time it has to be a different port so that doesn't prove anything.
Here is a little something to educate yourself. Think before you post.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
October 23rd, 2003, 02:31 AM
I meant that if you had two browsers opened connected to a site wouldn't they have to use different local ports because you can't do two things from the same port. I guess I could be wrong there because the web server serves thousands of clients from the same port with no problem. I was just under the impression that if a local port was already in use then a different one would have to be used whereas, if you connected to the site once and did netstat to see the local port being used, then closed that connection thereby freeing up that local port again, and then you opened up another connection and did netstat again only doing one at a time, that would show better that the ports are random and not the same each time, given that you would have to use a different local port if the one you wanted was already in use. Did that make sense or does anyone see my point? I could be wrong though, if so just ignore me.
Just my 2 cents
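The netstat comparison debated in the posts above can be reproduced on loopback. This is an added example, not code posted by anyone in the thread; the listener is a constructed stand-in for a web server, and the function names are hypothetical.

```python
import socket
LOOPBACK = "127.0.0.1"  # constructed endpoint; no traffic leaves the machine

def observe_ports(simultaneous, count=3):
    """Return (service_port, rows); each row is (client source port,
    port the server answered on, source port as the server saw it)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))  # stand-in service; the OS picks its port
    listener.listen(count)
    service_port = listener.getsockname()[1]
    rows, still_open = [], []
    try:
        for _ in range(count):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # No bind() on the client: the OS assigns an ephemeral source port.
            client.connect((LOOPBACK, service_port))
            accepted, peer = listener.accept()
            rows.append((client.getsockname()[1], accepted.getsockname()[1], peer[1]))
            if simultaneous:
                still_open += [client, accepted]  # keep every connection up
            else:
                client.close()  # one at a time, as proposed in the thread
                accepted.close()
    finally:
        for sock in still_open + [listener]:
            sock.close()
    return service_port, rows

def same_source_port_rejected():
    """True if a second client cannot reuse a live connection's source port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))
    listener.listen(2)
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.connect(listener.getsockname())
        try:
            second.bind((LOOPBACK, first.getsockname()[1]))
            second.connect(listener.getsockname())
        except OSError:
            return True  # the same 4-tuple twice is not allowed
        return False
    finally:
        for sock in (first, second, listener):
            sock.close()

if __name__ == "__main__":
    print(observe_ports(False), observe_ports(True), same_source_port_rejected())
```

In every row the server-side port stays the single listening port while the client source port varies, which is also why firewall and detection rules for a service key on the destination port.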
October 23rd, 2003, 03:39 PM
does anyone know if the ssh chooses random outbound ports as well.. pls, pretty pls
i'm the guy who bitched out a girl about writing poems in General Chat... Now everyone thinks I hate women and that I'm gay ... live and learn ... hehe
October 23rd, 2003, 05:10 PM
Yes it does, I just tested it and the first connection used 46767 and the second used 40775.
October 23rd, 2003, 07:46 PM
I'm not exactly sure what you are trying to do here. You can use ssh to tunnel other protocols but the remote server must have an sshd listening and allow port forwarding. I'm not sure what you mean using your slack box as a proxy with ssh because although you could tunnel the traffic between your client and your slack box, any traffic leaving the slack box will not be encrypted so you are only encrypting data in your internal network. If the remote server you are trying to reach has an sshd running you don't need the slack box at all and can simply tunnel the traffic to the remote machine directly. If I've misunderstood you or you would like me to elaborate let me know.
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier