How to use iptables to forward Microsoft Exchange connections -- possibly with ssh?

Hi,

I have a somewhat "reverse" problem that most people have with
firewalls.

My company has a development LAN and a "company" LAN. The development
LAN is where I do my work. The "company" LAN has an Exchange server and
is where I read my email. I have two computers at my desk. One for each
LAN.

There is limited connectivity between the two LANs. I can browse the
internal web from the development LAN, but I can't get my Exchange
email.

We have a Linux box (AS4) that is on BOTH LANS that I can ssh to from
both of my computers. What I want to do is use iptables and/or ssh to
make it so I can access the Exchange server from the development LAN.

Is this possible?

I've been able to port forward ports 143 and 25 so I can do IMAP. This
is good, but it's not the full-blown exchange that I want.

Any ideas or advice?

I have both a Linux box and a Windows box (I have root) on the
development LAN. I have access to the Linux box that is connected to
both networks, but I don't have root there.

THANKS!!!
John

(E-Mail Removed) writes:

>Hi,

>I have a somewhat "reverse" problem that most people have with
>firewalls.

>My company has a development LAN and a "company" LAN. The development
>LAN is where I do my work. The "company" LAN has an Exchange server and
>is where I read my email. I have two computers at my desk. One for each
>LAN.

>There is limited connectivity between the two LANs. I can browse the
>internal web from the development LAN, but I can't get my Exchange
>email.

>We have a Linux box (AS4) that is on BOTH LANS that I can ssh to from
>both of my computers. What I want to do is use iptables and/or ssh to
>make it so I can access the Exchange server from the development LAN.

My company has a policy. I want to subvert that policy using my Linux box.
Is this possible"
Sure it is. It is also possible that if you do so, your company will fire
you. Is that what you want?

Ie, I think it is a very good idea for you to first get permission to
subvert policy before doing so.



>Is this possible?

>I've been able to port forward ports 143 and 25 so I can do IMAP. This
>is good, but it's not the full-blown exchange that I want.

>Any ideas or advice?

>I have both a Linux box and a Windows box (I have root) on the
>development LAN. I have access to the Linux box that is connected to
>both networks, but I don't have root there.

>THANKS!!!
>John

In comp.os.linux.networking (E-Mail Removed):
[..]

> My company has a development LAN and a "company" LAN. The development
> LAN is where I do my work. The "company" LAN has an Exchange server and
> is where I read my email. I have two computers at my desk. One for each
> LAN.

> There is limited connectivity between the two LANs. I can browse the
> internal web from the development LAN, but I can't get my Exchange
> email.

Doesn't the software offer some www interface, you might need to
ask the guys in charge to please switch it on.

> We have a Linux box (AS4) that is on BOTH LANS that I can ssh to from
> both of my computers. What I want to do is use iptables and/or ssh to
> make it so I can access the Exchange server from the development LAN.
[..]

> Any ideas or advice?

You have already circumvented the "company" policy/firewall with
the Linux box with interfaces on both LANs. Might be worth firing
you depending on the local security policy once someone gets
aware of it. Honestly, if the ip you are using to post is real,
you shouldn't even think about it.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 420: Feature was not beta tested

Thanks for the advice.

Maybe the situation I described is hypothetical and I'm using it to
learn something that I need to know. Maybe *I'm* not the person who is
doing this, but wants to understand how someone else might be doing it.
Open your mind.

How about some help?

John

In comp.os.linux.networking (E-Mail Removed):
> Thanks for the advice.

> Maybe the situation I described is hypothetical and I'm using it to
> learn something that I need to know. Maybe *I'm* not the person who is
> doing this, but wants to understand how someone else might be doing it.
> Open your mind.

> How about some help?

What if I'm only a hypothetical poster, maybe some automated
system?

OK, one way would be simply using NAT on the Linux box to get
the crap working. www.tldp.org should have some howto.

Now, simply tell us your username.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 338: old inkjet cartridges emanate barium-based
fumes