Every port is blocked at work

lotharamious

Member
Feb 17, 2006
I have a problem where I want to RDP to my Windows box at home from my work computer. I can get it to work fine using Hamachi, except that Hamachi keeps disconnecting/reconnecting every 30 minutes or so.

I want to use ssh, but I'm stuck for a few reasons. I can configure PuTTY to use my work's proxy. This enables me to ssh directly into my university account, but I cannot ssh directly to my home computer (a problem). The port forwarding on my router at home is guaranteed working, since I can ssh into my Windows box from my university ssh without a problem.



So far, here's the layout.

WORKS...
work compy <-(ssh through proxy)-> university acct. <-(ssh without any port forwards)-> home



DOESN'T WORK... (but this is what I want)
work compy <-(ssh through proxy)-> home




Everything sound good so far? okay... moving on...

So from here I figured a few ssh port forwards would do the trick. So what I've already tried is using a bunch of "ssh -L" tricks to get anything to work... the problem is I can't figure out how to use my proxy correctly.

I've tried ssh -L 3389:myHomeCompy:3389 me@universityAcctCompy on my workComputer, which should take workcomputer port 3389 and send it to myHomeCompy port 3389 through the universityAcctCompy, yes? But when I try "localhost:3389" in RDP that doesn't work (error: The client could not connect. You are already connected to the console of this computer. A new console session cannot be established).

I've also tried (on university computer) ssh -L 3389:myHomeCompy:3389 me@myHomeCompy, and when I try to RDP on my work computer with "universityCompy:3389", (which should try to go to the university, where it then gets sent to my computer using the ssh tunnel), but I get the same error.

Below is the code for the proxy script (.js file) used in my work's browsers. Maybe something is wrong with my PuTTY proxy configuration, or maybe there's something that needs to be changed here (actual IP addresses and ports changed for ID safety).

// Pack a dotted-quad IPv4 string into a 32-bit integer.
function ip2int(ip)
{
    var iv = ip.split('.');
    var rv = (iv[0] & 0xff) << 24 | (iv[1] & 0xff) << 16 | (iv[2] & 0xff) << 8 | (iv[3] & 0xff);

    return rv;
}

// Return 1 if ip lies in the network net/mask, otherwise 0.
function xisInNet(ip, net, mask)
{
    var ip = ip2int(ip);
    var net = ip2int(net);
    var mask = ip2int(mask);

    if ((ip & mask) == (net & mask)) return 1;
    return 0;
}

function FindProxyForURL(url, host)
{
    var me = myIpAddress();
    var x;

    // Company domain: go direct when the name resolves, otherwise use a proxy pair.
    if (dnsDomainIs(host, "fakeName.com"))
    {
        if (isResolvable(host))
            return "DIRECT";

        // The client's last octet picks which proxy is tried first.
        x = me.substring(me.lastIndexOf('.') + 1) % 2;

        if (x == 1) return "PROXY 0.0.1.0:1; PROXY 0.0.2.0:1";
        return "PROXY 0.0.2.0:1; PROXY 0.0.1.0:1";
    }

    // Unqualified host names and the internal address range bypass the proxy.
    if (isPlainHostName(host) ||
        shExpMatch(host, "0.*"))
        return "DIRECT";

    // Per-subnet proxy pairs, again ordered by the client's last octet.
    if (xisInNet(me, "1.0.0.0", "255.255.0.0"))
    {
        x = me.substring(me.lastIndexOf('.') + 1) % 2;

        if (x == 1) return "PROXY 0.0.42.0:1; PROXY 0.0.10.0:1";
        return "PROXY 0.0.10.0:1; PROXY 0.0.42.0:1";
    }

    if (xisInNet(me, "0.0.0.0", "255.255.0.0"))
    {
        x = me.substring(me.lastIndexOf('.') + 1) % 4;

        if (x == 1) return "PROXY 0.0.0.11:1; PROXY 0.0.0.14:1";
        if (x == 2) return "PROXY 0.0.0.14:1; PROXY 0.0.0.11:1";
        if (x == 3) return "PROXY 0.0.0.13:1; PROXY 0.0.0.12:1";
        return "PROXY 0.0.0.12:1; PROXY 0.0.0.13:1";
    }

    // Default for every other client subnet.
    x = me.substring(me.lastIndexOf('.') + 1) % 2;

    if (x == 1) return "PROXY 0.0.1.0:1; PROXY 0.0.2.0:1";
    return "PROXY 0.0.2.0:1; PROXY 0.0.1.0:1";
}

What I want to ultimately do is ssh from my work computer like this... ssh -L 3389:myCompy:3389 me@universityCompy. Is this possible? And does this even make any sense?

Thanks in advance for any help.
 

Crusty

Lifer
Sep 30, 2001
Use a different local port on your PC, I use a random high port, i.e. ssh -L 33333:blah:3389
 

Fardringle

Diamond Member
Oct 23, 2000
Talk to the IT department (person) at your work. If this is allowed, they will help you set it up. If it is not allowed, don't do it.
 

Emulex

Diamond Member
Jan 28, 2001
Trust me, when we see encrypted data that is not nominal going over an open port, that is a sign of breach of network. And in high profile cases that would be auto-fired.

If you need to surf pron, can't you bring a laptop and tether your sero?
 

cmetz

Platinum Member
Nov 13, 2001
lotharamious, there's a long-standing gentlemen's rule on this forum that we don't help people circumvent their employer's network security policies. That's because many of us here are the folks who design, implement, and operate those security policies. We don't do it because we're difficult people, we do it because we're required to provide a solution that meets certain business needs.

If you have a legitimate business need consistent whose benefit outweighs its cost, get your IT folks and/or your management involved to make a solution available to you. Generally speaking, most businesses frown on business use of your home/personal resources, so perhaps you need to work with your business folks to figure out what the really right solution is.

If you don't have a legitimate business need, you're welcome to try to do it anyway. We won't help you. Many of us, if it were our network, would catch you and proceed towards your reprimand or termination. In this economy, I suggest you think long and hard about whether you like having a paycheck, and whether you'd like to risk that over remoting into your home Windows box. I also encourage you to think about how you'll do in future job searches if prospective employers find out that you were terminated for cause because you circumvented corporate IT security policy.

Don't mess around with your employer's security. It's not worth it.
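
The replies above mention spotting unusual encrypted traffic on an open port. As an added example (not written by any poster in this thread), this is one way a proxy operator could review CONNECT tunnels in access logs. It assumes Squid's native access.log layout, which the thread does not name; the sample lines, thresholds and reason labels are constructed for illustration.

```python
"""Flag proxy CONNECT tunnels that do not look like ordinary HTTPS browsing."""
import ipaddress
from typing import NamedTuple

# Constructed sample lines (assumed Squid native layout):
# time elapsed_ms client result/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1234567890.101 842 10.1.4.27 TCP_TUNNEL/200 18342 CONNECT intranet.example.com:443 - HIER_DIRECT/192.0.2.10 -
1234567901.553 5412077 10.1.4.31 TCP_TUNNEL/200 48211907 CONNECT host.example.net:22 - HIER_DIRECT/198.51.100.7 -
1234567950.007 130 10.1.4.27 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/203.0.113.5 text/html
1234568000.250 7390114 10.1.4.40 TCP_TUNNEL/200 912345 CONNECT 198.51.100.99:443 - HIER_DIRECT/198.51.100.99 -
"""

ALLOWED_PORTS = {443}            # assumption: only HTTPS may be tunnelled
MAX_TUNNEL_MS = 60 * 60 * 1000   # assumption: tunnels over an hour get reviewed

class Finding(NamedTuple):
    client: str
    dest: str
    reasons: tuple

def is_ip_literal(host):
    """True when the CONNECT target is a bare IP address, not a host name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def review(log_text):
    """Return one Finding per CONNECT line that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        # Skip short or malformed lines and every method other than CONNECT.
        if len(fields) < 7 or fields[5] != "CONNECT" or not fields[1].isdigit():
            continue
        elapsed_ms, client, dest = int(fields[1]), fields[2], fields[6]
        host, _, port = dest.rpartition(":")
        reasons = []
        if not port.isdigit() or int(port) not in ALLOWED_PORTS:
            reasons.append("non_https_port")
        if elapsed_ms > MAX_TUNNEL_MS:
            reasons.append("long_lived")
        if is_ip_literal(host):
            reasons.append("ip_literal_destination")
        if reasons:
            findings.append(Finding(client, dest, tuple(reasons)))
    return findings
```
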