SSH tunnelling behind a firewall

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
From my university account I cannot connect directly to irc using the
normal clients because of some firewall restriction; I can however connect
to irc using some web based cgi interfaces, as for example the one at /

Since I don't like very much this solution, and I like using my default
client (xchat), I am looking for another solution.
I have dsl connection at home, and there is a linux box acting as
firewall/router that is always on. So I have installed an irc bouncer
(psyBNC) on it listening on port 80, and I wanted to try to see if I can
connect to it through an ssh tunnel from university.
Well it seems that I can establish the tunnel with this command:

ssh -vvv -f -L 1234:ipaddressofmylinuxbox:80 ipaddressofmylinuxbox

But then when I try to connect xchat to port 1234 I get the
following error:

channel 3: open failed: connect failed: Connection refused

The problem is not irc related since I get the same error if, for example,
I try to telnet port 1234

Any suggestion?

Re: SSH tunnelling behind a firewall

Quoted text here. Click to load it

Does xchat allow you to specify a SOCKS proxy?  If so, then just run

ssh -D1080 ipaddressofmylinuxbox

and you will have a SOCKS proxy listening on localhost:1080.
Connections sent to the proxy will be forwarded through the encrypted
channel to your linux box, and there unwrapped and sent out to the

Re: SSH tunnelling behind a firewall

Quoted text here. Click to load it

Another solution is to create tunnels directly to your desired IRC
servers, e.g.

ssh -L 19401:ircserver1:194 \
    -L 19402:ircserver2:194 \

Then tell xchat that your IRC servers are localhost:19401,
localhost:19402, etc.  Note that this, and the previous solution that
I posted, renders your IRC forwarder on the linux box unnecessary.

One possible reason that IRC can fail is if you have port 113/tcp
blocked on your linux host.  This is the port for the auth/identd
service, which many IRC servers require before they'll establish a
connection.  You may need to be running identd, or you may just need
to unblock port 113/tcp, so that at least queries to that port are
rejected instead of simply dropped.

Good luck,

Site Timeline