SSH Tunneling / Port Forwarding: Email in Office


shanx24
01-25-2006, 04:45 PM
Hello,

My office IT admin has blocked port 110 (I think) because I cannot access email from MAIL.MYDOMAIN.COM on the usual port 110.

Also, for the web, I cannot access very normal ports such as http://MYDOMAIN.COM:2082 (which is the Cpanel.net's control panel for my domain, a very typical scenario these days).

I am hoping to find out how to use port forwarding or SSH tunneling. I use SecureCRT 5.0.4.

Is there a step by step, non-geeky guide to make sure a localhost:110 points to MAIL.MYDOMAIN.COM:110 and then I can access my email with localhost as the POP3 server? Similarly, how can I access port 2082 for HTTP by pointing it to localhost:80 or something?

Am I on the right track?

Many thanks for any pointers.

toloughlin
01-25-2006, 07:21 PM
I typed up a little thing on this before:
http://forums.vandyke.com/showthread.php?t=1208

shanx24
01-26-2006, 12:45 AM
Thank you but that little thing is very little indeed, and too technical. As I requested, I would like something step by step for people who don't understand NAT or vshell or stuff like that.

I use SecureCRT 5.0.4, latest version as I write this, and can connect to an SSH server. After that, please explain step by step what I need to change in Outlook Express or in the browser, and in the SecureCRT interface.

Many thanks!

toloughlin
01-26-2006, 03:41 PM
OK.

I did a google search for "port forward email securecrt" and found this ... screenshots & everything. Looks like the screenshots are from an older release, but I think it will help.

http://www.cs.unc.edu/help/network/info_sheets/securecrt/

shanx24
01-26-2006, 04:08 PM
Thank you for helping! I have searched Google of course, and come across that university site before, but their screenshots are all from old versions of SecureCRT so a duffer like me is having a hard time figuring it out.

Here is what I have now (this is from PROPERTIES of my connection called "port forwarding") --

Left hand menu item: SSH2 -- has value FTP.MYDOMAIN.COM and SSH2 port (2244). The connection works fine, I have connected several times.

Now, Left hand menu item: Port Forwarding -- on right hand side I have two listings:

(a) Name=POP3, Local Address=110, Remote Host=MAIL.MYDOMAIN.com:110
(b) Name=SMTP, Local Address=25, Remote Host=MAIL.MYDOMAIN.COM:25

The login ID for my FTP.MYDOMAIN.COM (main SSH2 server for this connection) is of course different from my mail server, but the issue of login IDs has not come up in any of these instruction sites. So I take it that is a non-issue.

The connection connects fine, I always end up connecting to my server. But in my Outlook Express, when I change the POP3 and SMTP servers to "localhost" I keep getting connection errors.

Any thoughts? I am attaching screenshots here too.

Thanks in advance!

toloughlin
01-26-2006, 04:55 PM
OK - what is the remote ssh2 server?
Does it allow port forwarding?

Can you turn on tracing options in SCRT (file - Trace Options ... before you connect to the ssh server) and let me know what it says when you send/receive from OExpress?

It should say ... something like: "Starting port forward from ..."

when I change the POP3 and SMTP servers to "localhost" I keep getting connection errors.
What connection errors? What message is in OExpress?

shanx24
01-26-2006, 05:06 PM
1. Not sure if SSH2 server supports port forwarding. How should I enable it? I can login to root shell, but don't know how to execute command to enable port forwarding. Thanks for any tip!

2. Screenshot of Outlook Express error message attached.

3. Tracing is on. I am attaching a TEXT file with the message.

Many thanks!!

shanx24
01-26-2006, 05:34 PM
Btw, some more trace info:


[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:110 to remote mail.MYDOMAIN.com:110.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:4091 to mail.MYDOMAIN.com:110. Reason: Opening the channel was administratively prohibited. Server error details: open failed
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:110 to remote mail.MYDOMAIN.com:110.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:4092 to mail.MYDOMAIN.com:110. Reason: Opening the channel was administratively prohibited. Server error details: open failed
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:110 to remote mail.MYDOMAIN.com:110.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:4098 to mail.MYDOMAIN.com:110. Reason: Opening the channel was administratively prohibited. Server error details: open failed
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:110 to remote mail.MYDOMAIN.com:110.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:4099 to mail.MYDOMAIN.com:110. Reason: Opening the channel was administratively prohibited. Server error details: open failed
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:110 to remote mail.MYDOMAIN.com:110.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:4119 to mail.MYDOMAIN.com:110. Reason: Opening the channel was administratively prohibited. Server error details: open failed
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:110 to remote mail.MYDOMAIN.com:110.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:4120 to mail.MYDOMAIN.com:110. Reason: Opening the channel was administratively prohibited. Server error details: open failed



What could this be?

toloughlin
01-26-2006, 06:09 PM
I turned off port forwarding ability on my ssh2 server, and get the same-ish message:
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:23 to remote ssh.MYDOMAIN.com:23.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:2787 to ssh.MYDOMAIN.com:23. Reason: Opening the channel was administratively prohibited.

I'd say that the ssh2 server does not allow port forwarding. Is this YOUR server, or a Hosted server?

shanx24
01-26-2006, 06:14 PM
It is my server, I have root access. I checked with my network provider. The server has port forwarding enabled for sure. Could it be the port number? My server has SSH2 on port 2244 instead of regular 22. But this is my properties for the SSH2 connection, and I can connect alright. Does SecureCRT have problems with non-standard SSH2 ports like 2244?

toloughlin
01-26-2006, 06:35 PM
Could it be the port number? My server has SSH2 on port 2244 instead of regular 22 ... Does SecureCRT have problems with non-standard SSH2 ports like 2244?
Nope. I use 25000+ port numbers for this stuff. I just tested VNC to confirm.

If you #telnet mail.mydomain.com 2244 can you tell me the server version?
Also, are you doing this as 'root' or another user? Sometimes root is denied port forwarding by default.

shanx24
01-26-2006, 06:44 PM
Version is "SSH-2.0-OpenSSH_3.6.1p2"

No, the SSH2 session is not as root of course, that is for a specific domain name, so as that domain's username.

Here is something I want to do-- for my website https://MYDOMAIN.com:2083, I would like to use http://localhost:2083. Is this possible?

toloughlin
01-26-2006, 08:20 PM
Hehe, didn't see your trace options attachment earlier.
Can you re-do the trace, but keep it running while OExpress tries to connect & then exit the SCRT session & attach again.
The trace doesn't include the port forward attempt.

I just did the test on my server & it worked OK; see attachments.

shanx24
01-27-2006, 11:36 AM
Thanks! Can you attach your SecureCRT port forwarding screenshot?

shanx24
01-28-2006, 03:25 PM
The trace I attached before did not show the error message after Outlook Express tries to connect. Here it is:


[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:1100 to remote mail.MYDOMAIN.com:110.
[LOCAL] : Could not start port forwarding from local service 127.0.0.1:1748 to mail.MYDOMAIN.com:110. Reason: Opening the channel was administratively prohibited. Server error details: open failed


That's the only additional bit. Everything else is same.

Help!

toloughlin
01-29-2006, 03:49 PM
[LOCAL] : Starting port forward from 127.0.0.1 on local 127.0.0.1:1100 to remote mail.MYDOMAIN.com:110.

Did you set your local port in OExpress to 1100? Why not just keep it at 110?

Anyways, the error is "Server Side". I'd present it to the server / site host (admin) and have them troubleshoot. If your screenshot looks like mine, then it's out of your hands.

Server error details: open failed

Strange error for length of post, please disregard this part...

shanx24
01-29-2006, 03:53 PM
Thanks, but please tell me what I can ask the server guys? I can SSH pretty easily and consistently, so what can they do? The SSH they tell me has port forwarding enabled. Anything else I should ask them? (It's a dedicated server, I have all rights, so if you tell me what to do, I can do it myself too!)

Many thanks!

toloughlin
01-29-2006, 04:08 PM
Can you look at your /etc/ssh/sshd_config file (if the system is Unix based)? Tell me if there are any port forwarding options in there.
If so, paste them in to a post. Maybe 'gatewayport' or something?

shanx24
01-29-2006, 04:14 PM
I don't have anything like gatewayport but I have the following two that seem relevant?

X11Forwarding yes
AllowTcpForwarding no

Is the second one the culprit?

toloughlin
01-29-2006, 04:17 PM
Change & restart. I'd say that'd do it.

shanx24
01-29-2006, 04:55 PM
Brilliant, it works! All along it was a simple little stupid mistake on my end -- :mad: Thanks so much for your help!
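
Added example, not part of the original thread: a shell check that reports which AllowTcpForwarding value sshd will actually apply, since sshd keeps the first value it reads for a keyword, matches keywords case-insensitively, and treats lines after a Match line as conditional. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the effective global value of an sshd_config keyword.

effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD DEFAULT
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept "Keyword=value" as well
        tolower($1) == "match" { exit }           # later lines are conditional
        tolower($1) == want { val = tolower($2); exit }   # first occurrence wins
        END { print val }
    ' "$1"
}

forwarding_verdict() {      # usage: forwarding_verdict FILE
    # Local (client-side) forwards like the POP3/SMTP ones in the thread are
    # opened as channels on the server; "no" and "remote" both refuse them.
    v=$(effective_sshd_option "$1" AllowTcpForwarding yes)   # sshd default: yes
    case "$v" in
        yes|all|local) echo "allowed" ;;
        *)             echo "prohibited" ;;
    esac
}

# Constructed sample modelled on the two lines quoted in the thread. The
# trailing "yes" shows why appending a fix at the end of the file has no
# effect while an earlier "no" is still present.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 2244
X11Forwarding yes
allowtcpforwarding no
AllowTcpForwarding yes
EOF

echo "AllowTcpForwarding (effective): $(effective_sshd_option "$sample" AllowTcpForwarding yes)"
echo "Local port forwards: $(forwarding_verdict "$sample")"
rm -f "$sample"
```

On the server, point the functions at /etc/ssh/sshd_config; after editing the file, `sshd -t` checks it for errors before the restart.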

shanx24
01-29-2006, 05:12 PM
One related question -- so I have port forwarding working for email. Is there some way I can enable this for all my HTTP traffic? So that everything I see in a browser is also on a secure channel?

Sorry if this is a stupid question, but that'd be great, then I won't need a product like Total Net Shield (from Anonymizer) at all!

Thanks.

toloughlin
01-29-2006, 07:05 PM
I tried that once, but wasn't able to get it working. You pretty much must have an end server ... I don't think *:80 is possible.