Koozali.org: home of the SME Server

Webmail tunneling?

Mika Löf

Webmail tunneling?
« on: November 06, 2003, 01:25:06 AM »
Is it possible at all to access webmail through a tunnel? I have tunnels to ports 80, 980 and 443 but so far I have only gotten to the login window and once I also got this message:

Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Hint: https://XXX.XXX.XXX:443/

To me it seems it connects but somehow the webmail app doesn't send data back to me?

I have successfully tunneled to server-manager (980), primary i-bay (80), and shell (22) but webmail (443??) doesn't give me any luck.

Any ideas are greatly appreciated!

Mika

Paul Schwartz

Re: Webmail tunneling?
« Reply #1 on: November 06, 2003, 03:40:08 AM »
If you are using SSH (encrypted communication) to tunnel, then why do you need to encrypt an already encrypted connection?  Just use regular http as it's secure.

Bob King

Re: Webmail tunneling?
« Reply #2 on: November 06, 2003, 06:27:18 AM »
Why would you need to tunnel for WebMail??

You can get secure WebMail by using https directly on the internet.

Mika Löf

Re: Webmail tunneling?
« Reply #3 on: November 06, 2003, 11:53:20 AM »
I don't necessarily need to encrypt the tunnel, the reason for tunneling is that I can't access my server from the outside, my ISP blocks it, so I have tunnels from the server to the outside, to my home computer.

Bob King

Re: Webmail tunneling?
« Reply #4 on: November 06, 2003, 01:06:52 PM »
Use PuTTY to establish an SSH connection to port 22 with a tunnel set up to port 80 (Source port - 80; Destination - localhost:80)

Ensure that webmail is set up for HTTP and HTTPS

Point your browser to http://localhost/webmail/ login and go.

The above tested using PuTTY on a W2K machine to connect to an SME 5.6 U6 server.
Works fine for me.

Michiel

Re: Webmail tunneling?
« Reply #5 on: November 06, 2003, 02:09:01 PM »
Or use redir (http://sammy.net/~sammy/hacks/redir-2.2.1.tar.gz). This will translate port numbers on the fly, allowing you to get around ports that are blocked by silly ISPs

Mika Löf

Re: Webmail tunneling?
« Reply #6 on: November 06, 2003, 06:34:54 PM »
I already have a webserver at port 80 so I can't listen to it.

I temporarily disabled my webserver and yes, it works. Thanks Bob! But am I out of luck now because I need to run my webserver at port 80? Did I understand correctly that I HAVE TO read webmail through port 80 and that it is a "feature" in webmail that it can't be redirected to a non-standard port?
Michiel, do You have experience with this redir package? Does it work on SME?

Michiel

Re: Webmail tunneling?
« Reply #7 on: November 06, 2003, 07:38:46 PM »
> Michiel, do You have experience with this redir package? Does it work on SME?

Yep, I've done it a few times for ssh and http, but it can be done for any type of traffic:

1/ Open a non-standard port (e.g. 10080) for incoming traffic (see the numerous posts on this forum on how to open a port).

2/ Put the following script in /etc/e-smith/events/local and make it executable:
#!/bin/bash
/usr/sbin/redir --lport=10080 --cport=80 &

3/ Run this script once. Next time you reboot it will be launched automatically.

4/ In the server-manager set webmail to "Enabled (HTTP or HTTPS)".

Now you can access your server with http://www.myserver.com:10080/webmail.

Michiel

Charlie Brady

Re: Webmail tunneling?
« Reply #8 on: November 06, 2003, 08:06:08 PM »
Michiel wrote:
 
> > Michiel, do You have experience with this redir package?
> Does it work on SME?

There's an easier way. No need for redir, since the feature is built into xinetd - see "redirect" in "man xinetd.conf". You'll need something like:

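service extra_http
{
        # extra_http is not listed in /etc/services, so mark it unlisted
        # and give the protocol and port explicitly
        type            = UNLISTED
        protocol        = tcp
        port            = 8001
        disable         = no
        socket_type     = stream
        wait            = no
        user            = nobody
        # hand incoming connections on to this host and port
        redirect        = localhost 800
}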

You may need an entry in /etc/hosts.allow as well.

> 1/ Open a non-standard port (e.g. 10080) for incoming traffic
> (see the numerous posts on this forum on how to open a port).

No need for an add-on package here either, just a custom template.

Charlie

Mika Löf

Re: Webmail tunneling?
« Reply #9 on: November 06, 2003, 08:42:38 PM »
Thanks Charlie, I will try that right away!
However, I am not at all familiar with templates so I guess for testing purposes I can edit /etc/xinetd.conf and then "service xinetd restart" and if it works then I do it the template-way?

Bob King

Re: Webmail tunneling?
« Reply #10 on: November 07, 2003, 01:49:58 AM »
Mika Löf wrote:
>
> I already have a webserver at port 80 so I can't listen to it.
>
> I temporarily disabled my webserver and yes, it works. Thanks
> Bob! But am I out of luck now because I need to run my
> webserver at port 80? Did I understand correctly that I HAVE
> TO read webmail through port 80 and that it is a "feature" in
> webmail that it can't be redirected to a non-standard port?
> Michiel, do You have experience with this redir package? Does
> it work on SME?

Actually the tunnel doesn't affect your web-server but if you are concerned about it then just set up a tunnel to port 443. Then https://localhost:443/webmail/.

Mika Löf

Re: Webmail tunneling?
« Reply #11 on: November 07, 2003, 10:00:38 AM »
I'm sorry I didn't make myself clearer earlier. I can't tunnel (or connect in general) to the server at all, I have to tunnel FROM the server to my home pc, and my home webserver listens on ports 80 and 443 so if I try a "ssh -f -l loginname -g -N -R 10080:127.0.0.1:80 my.home.pc" from the SME server I get the error "Warning: remote port forwarding failed for listen port 80". That's why I can't connect to ports 80/443.
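
The reverse-tunnel setup discussed in this thread, as an added example that is not part of any post: it builds the ssh command to run on the SME server and the URL to open on the home PC, refusing listen ports that would collide with a web server already bound to 80/443. The function names and the listen ports 10080/10443 are assumptions; loginname and my.home.pc are the thread's placeholders. The remote listeners stay on the home PC's loopback interface unless its sshd GatewayPorts setting says otherwise.

```shell
#!/bin/sh
# Added example, not from the thread. loginname and my.home.pc are the
# thread's placeholders; listen ports 10080/10443 are assumed free there.

# Build "-R listen:127.0.0.1:target" options from "listen:target" pairs.
# Listen ports must be unprivileged and unique: on the home PC 80 and 443
# are already bound by the local web server, and ports below 1024 need root.
reverse_opts() {
    opts="" seen=" "
    for pair in "$@"; do
        case "$pair" in
            *:*:*|*[!0-9:]*|:*|*:) echo "bad pair: $pair" >&2; return 1 ;;
            *:*) ;;
            *) echo "bad pair: $pair" >&2; return 1 ;;
        esac
        listen=${pair%%:*} target=${pair##*:}
        if [ "$listen" -lt 1024 ] || [ "$listen" -gt 65535 ]; then
            echo "listen port $listen must be 1024-65535" >&2; return 1
        fi
        if [ "$target" -lt 1 ] || [ "$target" -gt 65535 ]; then
            echo "target port $target out of range" >&2; return 1
        fi
        case "$seen" in *" $listen "*)
            echo "listen port $listen used twice" >&2; return 1 ;;
        esac
        seen="$seen$listen "
        opts="$opts -R $listen:127.0.0.1:$target"
    done
    printf '%s\n' "${opts# }"
}

# Full command to run on the SME server. ExitOnForwardFailure makes ssh exit
# instead of backgrounding a session whose forward could not be bound.
tunnel_cmd() {
    fwd=$(reverse_opts "$@") || return 1
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -l loginname %s my.home.pc\n' "$fwd"
}

# URL to open on the home PC: the scheme follows the port on the SME side,
# so a tunnel ending at 443 needs https:// even on a non-standard port.
webmail_url() {
    case "$2" in
        443) printf 'https://localhost:%s/webmail/\n' "$1" ;;
        *)   printf 'http://localhost:%s/webmail/\n' "$1" ;;
    esac
}

tunnel_cmd 10080:80 10443:443
webmail_url 10443 443
```

Using http:// against the 10443 listener reproduces the "speaking plain HTTP to an SSL-enabled server port" error quoted in the first post.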