-1

I have root access to a server (S), but have no control over the firewalls on the network. I set up a virtual machine (VM) inside the server (S) and wanted some users to access the VM directly, i.e., without providing them access to anything else inside S.

A straightforward solution was to set up a tunnel that listens on another port, like S:22000. However, users are on a different network that filters all ports other than 22, 80, 113, and 443.

There is no service listening on 113. Can it be used as the entry point of the tunnel?

dawid
  • SSH on 113 will not work because ident(d) is plain text; a good firewall knows this fact. Remember, if you try to settle with your employer you can get removed. – djdomi Apr 15 '22 at 17:30

1 Answer

1

As commented, port 113 is for identd and is not widely used these days. Even if you can listen on that port without a problem, the ISP or firewall manager may be aware of the unusual traffic.

For a more reliable and risk-free method, I suggest:

  1. Set up OpenVPN via port 80/443 with --port-share.
  2. Let users connect to the VPN first, and then access your VM.
3735943886
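
One way to write the server side of the OpenVPN suggestion above, as an added example that is not part of the original answer. The addresses, the backend web port, the file names and the firewall rules in the comments are all assumptions chosen for illustration, and S is assumed to route between the tunnel and the VM's network.

```conf
# OpenVPN server configuration on S (added example; values are placeholders).

# Listen on a port the users' network allows. --port-share requires TCP.
port 443
proto tcp
dev tun

# Connections on 443 that are not OpenVPN are handed to the web server,
# assumed here to have been moved to 127.0.0.1:8443.
port-share 127.0.0.1 8443

# Address pool for VPN clients (constructed example range).
topology subnet
server 10.8.0.0 255.255.255.0

# Send only the VM's address through the tunnel. 192.168.122.10 is a
# placeholder for the VM. No redirect-gateway, so no other traffic uses S.
push "route 192.168.122.10 255.255.255.255"

# Certificate authentication, one client certificate per user so that a
# single user can be revoked later. "dh none" needs OpenVPN 2.4 or newer.
ca ca.crt
cert server.crt
key server.key
dh none
tls-version-min 1.2

# Drop privileges after start-up (the group name varies by distribution).
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120

# A pushed route only configures the client. The "VM and nothing else on S"
# restriction has to be enforced on S, for example with host firewall rules
# (assumed: tunnel interface tun0, users need SSH to the VM only):
#   iptables -A FORWARD -i tun0 -d 192.168.122.10 -p tcp --dport 22 -j ACCEPT
#   iptables -A FORWARD -i tun0 -j DROP
#   iptables -A INPUT   -i tun0 -j DROP
# If the FORWARD policy is DROP, replies from the VM also need the usual
# ESTABLISHED,RELATED accept rule.
```

With rules like these, a connected user can reach the VM's SSH port through the tunnel, while services on S itself stay unreachable from the VPN side.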