Port Forwarding: Device:Port = Router:Port?
- Webcam's IP addr = 10.0.0.140, and it's set up to
use port 8000
- Router's IP addr = 188.8.131.52, and its port forwarding is set
up to forward port 8000 to 10.0.140.
- I can view the camera using 10.0.0.140:8000, no problem.
The Question: Should I be able to view the camera using
On Wed, 31 Aug 2011 08:13:01 -0400, "(PeteCresswell)" <x@y.Invalid>
> - Webcam's IP addr = 10.0.0.140, and it's set up to
> use port 8000
> - Router's IP addr = 184.108.40.206, and...
To Port Forward or Not To Port Forward
System: DP MDD G4, OS 10.4.9
Inet connection: DSL with static i.p., Broadcom Gateway to Linksys
WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3
connected wirelessly, basic home use only
Wireless security is very basic: Unique router name and pw, SSID
disabled, and connections allowed by MAC addresses only, Linksys
firewall is enabled with all the other features set to their defaults,
Mac OS firewall is disabled
I recently purchased a Logitech QuickCam Pro 5000 webcam that works just
fine with iChat right out of the box. Learning how to use it I found
some Apple docs and ot...
Ports for DB2 behind firewall / ssh port forward
I'd like to connect to a remote DB2 Database V 8.2 using the "DB2
Steuerzentrale" (I guess it's called something like "DB2 management console"
in the English version). Since the database host is behind a firewall I
tried to communicate through ssh port forwarding.
Therefore, I run:
ssh -L 6789:remotename:6789 -L 50000:remotename:50000 -L 50001:remotename:50001 -L 523:remotename:523 remotename
Though the ssh connection is established, my "DB2 Steuerzentrale" won't
connect to localhost successfully and shows an error num...
secure port forwarding without shell access
I have the following set up on linux with the intention of allowing
specific ports to be forwarded and to not allow shell access to these
I am unsure if this is an acceptable configuration and hope to get
input regarding same.
My setup is :
sshd is started with : sshd --command=permitopen=localhost:3128
sshd_config has not been modified from its default.
Those users that are "restricted" have been usermod -s "/bin/rbash"
and /bin/rbash mode is 755 owned by root and contains :
/bin/bash -r >/dev/null 2>&1
tail -f /dev/null
This seems to limit port forwarding and prevent shell access.
Is this the best way and is it secure?
Any suggestions or comments would be greatly appreciated!
> Those users that are "restricted" have been usermod -s "/bin/rbash"
> and /bin/rbash mode is 755 owned by root and contains :
> /bin/bash -r >/dev/null 2>&1
> tail -f /dev/null
Why not just give them a shell of /bin/false? Then they can't have
shell access at all, but they can still forward ports.
To reply by email, change "deadspam.com" to "alumni.utexas.net"
Andrew Schulman <firstname.lastname@example.org> wrote in message news:<MPG.1bc4d2857ac5144098969e@localhost>...
> > Those users that are "restricted" have been usermod -s "/bin/rbash"
> ...
port forwarding for multiple ports
Is there any way to do a port forwarding (ssh -L
localport:remotehost:remoteport) for a range of ports?
If not, can I do port forwarding dynamically? (Is there any
application that does something like this?)
email@example.com (RFT) writes:
>Is there any way to do a port forwarding (ssh -L
>localport:remotehost:remoteport) for a range of ports?
Not readily that I'm aware.
>If not, can I do port forwarding dynamically? (Is there any
>application that does something like this?)
There's the -D command (which supports SOCKS right now). I've
also hacked at the source to do more interesting things. It's
certainly possible to do what you want with an unmodified SSH
server. The trick is convincing a client to do it. I've been
playing with Twisted.Conch to do this.
In article <firstname.lastname@example.org>,
RFT <email@example.com> wrote:
>Is there any way to do a port forwarding (ssh -L
>localport:remotehost:remoteport) for a range of ports?
Use lots of "-L" command line options :-?
>If not, can I do port forwarding dynamically? (Is there any
>application that does something like this?)
It depends on what you mean by "dynamically". Some implementations
(eg, PuTTY, OpenSSH, possibly others) have a "dynamic forward" option
which implements a SOCKS server in the SSH client, so if your application
understands...
port forwarding/ opening port
I have a P4 2.4 with 256MB RAM and Win XP SP-2 Pro installed.
I'm using a 256 kbps connection through an ADSL2+ router, a SmartAX MT882 ADSL
Router from Huawei, China.
It has NAT and a built-in firewall. I'm also using the Win XP Firewall
to protect my PC.
I want to know how to use port forwarding and how to open a port on the router
so that I can establish a connection. Also, I didn't understand UDP and
TCP; what is it all about?
I want to open a port for a radmin connection...
Also, how do I know how secure my PC is from the internet... any
I have referred to the router manual but I didn't find the information.
Thank you in advance
firstname.lastname@example.org wrote in news:1130958191.680401.263360
> I have a P4 2.4 with 256MB RAM and Win XP SP-2 Pro installed.
> I'm using a 256 kbps connection through an ADSL2+ router, a SmartAX MT882 ADSL
> Router from Huawei, China.
> It has NAT and a built-in firewall. I'm also using the Win XP Firewall
> to protect my PC.
> I want to know how to use port forwarding and how to open a port on the router
> so that I can establish a connection. Also, I didn't understand UDP and
> TCP; what is it all about?
> I want to open a port for a radmin connection...
> Also, how do I know how secure my PC is from the internet... any
> I have referred to the router manual but I didn't find the...
Symantec 200R Firewall port forwarding remote desktop security
I have set up the 200R to allow a virtual server for port 3389 so that I can
connect to our remote server using terminal services to the public Internet
IP address. It all works OK but I have disabled it because of security
reasons. Two questions:-
Is there any way to tie down this access to my own PC or network?
Can I make the port appear in Stealth mode rather than Open?
Vic Russell wrote:
> I have set up the 200R to allow a virtual server for port 3389 so that I
> can connect to our remote server using terminal services to the public
...
What is the difference between local port forwarding (-L) and remote port forwarding (-R)
I need to do an SSH tunnel to encrypt the data sent between an agent
and the server. I'm able to establish a tunnel but there's something
that I can't understand...
What is the difference between the bit -L and the bit -R. I've read
the man of SSH on Fedora. It seems to be simple but in practice, I
Can somebody help me on this subject?
Thanks a lot!
> What is the difference between the bit -L and the bit -R.
-L forwards a port from the client to the server.
-R forwards a port from the server to the client.
To reply by email, replace "deadspam.com" by "alumni.utexas.net"
In article <email@example.com>,
Yann Laviolette <firstname.lastname@example.org> wrote:
>What is the difference between the bit -L and the bit -R. I've read
>the man of SSH on Fedora. It seems to be simple but in practice, I
Example: "ssh -L 2000:220.127.116.11:2000 server" is a "local" forward and will
listen on the client (ie the machine you ssh'ed from) on port 2000.
If something connects to the client on port 2000, a "channel" will be
opened inside the SSH connection and the server will connect to 18.104.22.168 on
port 2000. Any data sent or received will be forwarded over this channel.
In contrast, "ssh -R 2000:22.214.171.124:2000 server" is a "remote" forward,
which will cause the *server* to listen o...
ssh port forward
I'm trying to set up ssh local port forward.
But I don't know the ports to connect to on the remote machine
Is it possible to set up forwarding for a range of ports?
You can specify multiple ports to forward on the command line, or
establish a VPN if you have the need for UDP. See:
for info on both types.
On 21 Nov 2006 15:57:54 -0800
> I'm trying to set up ssh local port forward.
> But I don't know the ports to connect to on the remote machine
> Is it possible to set up forwarding for a range of ports?
For UNIX, Linux and security articles
In article <email@example.com>
>I'm trying to set up ssh local port forward.
>But I don't know the ports to connect to on the remote machine
You could perhaps use OpenSSH's "dynamic" port forwarding, i.e. SOCKS -
see the -D option.
>Is it possible to set up forwarding for a range of ports?
Not as such (with OpenSSH), though (with OpenSSH) you can AFAIK give any
number of -L options - i.e. a range is just a matter of giving one -L
option for every port in the range. A bit verbose, but the end result
would be the same - ssh (any flavour) would need to open a separate
socket for every port in the range, the...
Port forwarding through firewalls
Here is my issue: I usually run a support application which is a
customized version of UltraVNC server. It launches from a client
machine and attempts to connect on port 5555 to my office's WAN IP. The
firewall redirects the port to my computer and I can see my client's
computer as soon as the connection is made to my VNC viewer operating
in listening mode on port 5555.
It works great but now I am traveling and I am in a hotel and want to have
the same functionality. Therefore I need to forward the data coming in
on port 5555 on my office machine to my laptop which is BEHIND a hotel
My solution is to use Zebedee in reverse tunnel mode. So I run a client on
my computer with the following configuration file.
verbosity 2 # Basic messages only
I then connect to the client by running the server on my computer
verbosity 2 # Basic messages only
server true # It's a server
detached false # Detach from terminal
I get a connection established on the client on my work machine. So I
have established the connection to the client through the hotel
firewall and our work firewall. However when I try and run the VNC
server at port 5555 on my office machines nothing happens on my laptop.
I have tried several variations of ports and commands. I think I
fundamentally misu...
Do I need port forwarding on 25 port to send messages?
I'm using CDONTS.Newmail (It is using the local SMTP) in a contact
form on a web server(IIS) which is behind DMZ.
I am trying to figure out why it is not sending the messages.
The machine has private IP and port forwarding is set up for 80 port.
I don't need to receive, but only to send.
In this case - Do I need port forwarding on 25 port if I use the SMTP
for CDONTS.Newmail only.
Thank you in advance,
"bu" <firstname.lastname@example.org> wrote in message
| I'm using CDONTS.Newmail (It is using the local SMTP) in ...
port tunneling over ssh (not port-forwarding in the traditional sense)
Does anybody know of a way to do port forwarding over ssh not using the
standard ssh functionality, but rather by running a utility on the server
and using a special client that forwards data through the terminal session.
I think PPP and slirp would do the job, but I would prefer to have a
standalone client that exists solely to forward one (or several) ports,
rather than acting as my main network connection.
> Does anybody know of a way to do port forwarding over ssh not using the
> standard ssh functionality, but rather by running a utility on the server
> and using a spe...
iptables port forwarding
with the following rules:
iptables -A INPUT --protocol tcp --dport 2222 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 127.0.0.1:22
"ssh -p 2222 <host>" doesn't go through and nmap shows port 2222 as
being filtered (from within the DMZ). how can i open up the port?
> with the following rules:
> iptables -A INPUT --protocol tcp --dport 2222 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 127.0.0.1:22
> "ssh -p 2222 <host>" doesn't go through and nmap shows port 2222 as
> being filtered (from within the DMZ). how can i open up the port?
Change the INPUT rule to --dport 22 and it should work. The DNAT rule
changes the port in the PREROUTING table, and because of the way
the packets traverse the chains the table FILTER and the chain INPUT
goes after that, so the packet has destination port 22 when it hits
the INPUT rule.
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
bgSEC Seguridad y Consultoria de Sistemas Informaticos
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the R...
port forwarding and secured connection
openssh 126.96.36.199 with zlib and openssl 0.9.6.7 are installed on AIX4.3.
The config files are listed at the end of this mail.
I have one machineA on which I have configured local port forwarding:
machineA:#sshd -p 2222
machineA:#ssh -f -g -N -L 2223:machineA:23 machineA
A client telnet connection to port 2223 of machine A works.
If I understand local port forwarding,
the connection between the client and port 2223 on machine A should be
the connection between port 2223 on machine A and port 23 should be
But when I use ip listener on what goes out from port 2223 and what
arrives to port 23, I see that the connection is not secured.
What should be secured:
1/Should the connection between port 2223 on machine A and port 23 be
secured in both ways, I mean from 2223 to 23 and from 23 to 2223?
2/Or should connection between 2223 and 2222 not secured, and between
2222 and 23 secured? In both ways?
3/Do I need to install another package?
Thanks in advance.
Here are extracts of sshd_config and ssh_config files:
# Host *
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# Protocol 2,1
# HostKey for protocol version 1
#HostKey /etc/ss...
How do I: Switchport port-security on Pix 501 Switch Ports
I have a bunch of remote fire stations on a nailed vpn over cable to
our internal network. I need to be able to do something similar to
what I do with switches:
switchport port-security mac-address sticky
These folks keep bringing in personal laptops that are virus/malware
infected and putting them on our network.
Does anyone have any idea on how I can control these switch ports on
Some models actually show the switch ports, but the early models don't
even show the switchports on a 'sh int'
Thank you for any ideas.
Bruce D. Meyer
Bru...
ssh, firewall, port forwarding
I have a bit of trouble with ssh, hopefully you will have some tips
where to look for the error.
I have a PC with 4.9R, sshd enabled. Logged on locally, I can do an:
and I can log in, so sshd and my user id is proven to be working.
The trouble comes when I try to do it remotely.
To make things a bit more complicated, this PC is not directly connected
to the internet. I have a DSL line connected to a commercial DSL
modem/router/firewall device that takes up the routable IP I get from
the ISP. Behind that device I have a private network of 10.0.0.x. There
is only one device in this network, a broadband router/firewall/switch.
And behind that, I have a private network of 192.168.1.x. My PC is on
this 192.168.1.x network, together with a Windows PC of my friend.
First of all, the internet connection on both PCs works fine. I can
browse the web, use ftp, ssh or sftp, send and receive mails, etc. So
the network setup should be OK.
We configured port forwarding on the DSL modem, so that it forwards port
22 to the internal broadband router. We also configured that broadband
router to forward port 22 to my freebsd PC. Forwarding is on for both
TCP and UDP.
Now, connecting to port 22 of the DSL modem I should be able to get back
to my own PC, right ?
But when I run an:
it does not work. Connection refused.
Now I wonder, if this should be a problem with those port forwarding
...
security of reverse port on the firewall
I can't seem to find any discussions on the security of opening a reverse
port of a firewall for NTP. I would have thought this was a fairly important
point of discussion or is it not? Can anyone point me to info on this item?
Don S wrote:
>I can't seem to find any discussions on the security of opening a reverse
>port of a firewall for NTP. I would have thought this was a fairly important
>point of discussion or is it not? Can anyone point me to info on this item?
If you limit port 123 to UDP, I don't see that there is much, if any,
hazard...
Firewall, NAT and port forwarding
I work remotely and am trying to be able to ftp to a SCO OpenServer
5.0.5 box at my office.
This server sits behind a ZyXel firewall. I have NAT enabled and have
used port forwarding for port 22 to enable me being able to login
using SSH, etc. No problems, that all works great.
However, I'm trying to be able to ftp to this server as well, but
can't seem to get the port forwarding working.
What am I missing?
I have set port 21 on the ZyXel firewall to redirect to the SCO
server's static IP address (just as I did for SSH)
but I can't get an ftp login at all. After about 30 seconds, it just
says ftp: connect: Unknown error number
I can ftp from the SCO box itself to the IP of the firewall, but not
Any thoughts on what I'm missing here? Why doesn't the port
forwarding work on the firewall just as it does for using SSH?
On Mon, Mar 22, 2010, scooter6 wrote:
>I work remotely and am trying to be able to ftp to a SCO OpenServer
>5.0.5 box at my office.
>This server sits behind a ZyXel firewall. I have NAT enabled and have
>used port forwarding for port 22 to enable me being able to login
>using SSH, etc. No problems, that all works great.
>However, I'm trying to be able to ftp to this server as well, but
>can't seem to get the port forwarding working.
>What am I missing?
>I have set port 21 on the ZyXel firewall to redirect to the SCO
>server's s...
BEFW11S4 Port Forwarding
I have a Linksys BEFW11S4 v4 router. I upgraded the firmware to
Firmware Version : 1.50.14 when it came out and now the router is
having port forwarding issues. Here is the setup: I have 3 ports
forwarding to the same port number on 3 different computers
External Port 111 -> Internal computer 192.168.0.1 Port 22
External Port 112 -> Internal computer 192.168.0.2 Port 22
External Port 113 -> Internal computer 192.168.0.3 Port 22
When I attempt to connect to these ports once every 3 days I will be able
to connect, when I attempt to connect to any of these ports with a ssh
client...
Forwarding port inside of firewall
I have some sort of unique situation here. My ISP is currently
blocking port 80. I have changed my web server to port 82 and have
redirected my domain name to point to port 82 to bypass the block on
port 80. Then I have my firewall forwarding port 82 to my web server
which is running on port 82. Pretty simple config. I am having some
strange difficulties running my web server on port 82 and want to
change it back to port 80. This will of course be blocked. What I am
wanting to do is to continue having my dynamic DNS provider redirect my
domain name to port 82, then my firewall will accept the port 82
traffic, but instead of having it forwarded directly to my web server,
I want it to somehow take the port 82 traffic and then convert it to
port 80 and then forward to my web server running on port 80.
I know it seems strange to do it this way, but it is just not working
Thanks for your suggestion.
So, what is your question? Specifically, what problem have you been
experiencing with this setup?
....Seems like you're trying to achieve NAT ---static NAT port 82 to
> I have some sort of unique situation here. My ISP is currently
> blocking port 80. I have changed my web server to port 82 and have
> redirected my domain name to point to port 82 to bypass the block on
> port 80. Then I have my firewall forwarding port 82 to my web server
> which is running on port 82. Pretty...
Firewall port 1105 (FTRANHC) & port 1239 (NMSD) ?
Can someone shed light on this message from Sygate Personal Firewall?
Firefox (firefox.exe) is being contacted from a remote machine
www.google.com [188.8.131.52] using local port 1105 (FTRANHC - FTRANHC).
Do you want to allow this program to access the network?
1. I brought up firefox and went to google groups.
2. Sygate asked me if I wanted to go there at port 80 & I said OK.
3. Then, Google came back asking to come in on port 1105.
Why does Google want to remote initiate at port 1105?
Then I search for port lists and find this URL:
When I go to that link, besides the request to go out on port 80 I get
another incoming Sygate permission request asking:
NDIS User mode I/O Driver (ndisuio.sys) is being contacted from a remote
machine www.doshelp.com [184.108.40.206] using local port 1239 (NMSD -
NMSD). Do you want to allow this program to access the network?
I say no, and the web page won't come up.
So I go to http://www.iana.org/assignments/port-numbers to find not much on
these two ports.
My confusion lies in why these web sites feel the need to contact me on any
port other than the port 80 that I go out to them on.
Can you shed light on what is the normal process here?
Thank you for your guidance,
On Fri, 6 Jan 2006 01:55:53 -0500, YoKenny wrote:
>> When I go to that link, besides the request to go out on port 80 I get
>> another incoming Sygate permission request on port 1239.
> Spyware Det...
Warning: remote port forwarding failed for listen port 4043
I have a script that does a port forwarding for me:
ssh -n -R localhost:4043:localhost:22 remoteserver.example.com
The problem with this is that if port forwarding fails, ssh prints
Warning: remote port forwarding failed for listen port 4043
But it STAYS CONNECTED instead of properly failing with exit code.
So it is a MAJOR pain to detect this condition and kill ssh.
How can I change it so that, when report port forwarding cannot be
accomplished, ssh exits right away?
I think that it is a bug, period.
>>>>> "Ignoramus3694" == Ignoramus3694 <ignoramus3694@NOSPAM.3694.invalid> writes:
Ignoramus3694> I have a script that does a port forwarding for me: ssh
Ignoramus3694> -n -R localhost:4043:localhost:22
Ignoramus3694> The problem with this is that if port forwarding fails,
Ignoramus3694> ssh prints
Ignoramus3694> Warning: remote port forwarding failed for listen port
Ignoramus3694> But it STAYS CONNECTED instead of properly failing with
Ignoramus3694> exit code.
Ignoramus3694> So it is a MAJOR pain to detect this condition and kill
Ignoramus3694> How can I change is so that, when report port
Ignoramus3694> forwarding cannot be accomplished, ssh exits right
Reading the documentation [ssh_config(5)]:
ExitOnForwardFai...
FTP port forwarding in SSH.. Secure??
I was trying the "FTP Port Forwarding"
to secure the FTP transfer). I really like it, but I have a question:
On the unix manual pages (man ssh2), the description of the "-L"
option indicates that part of the connection is not secure when you
use FTP Port Forwarding, could someone please explain to me what part is
not secure? Is it referring to the FTP data which is non-encrypted
inside the tunnel? Below is text from manual
page for F-Secure SSH2
ssh2 - secure shell client (remote login program)
-L [protocol/][localhost:]port:host:hostport or -L
The given port on the local (client) host is forwarded
to the given host and port on the remote side. This
allocates a listener port port on the local side.
Whenever a connection is made to this listener, the
connection is forwarded over the secure channel and a
connection is made to host:hostport from the remote
machine (this latter connection will not be secure, it
is a normal TCP connection). Port forwarding can also
be specified in the configuration file. ...
Port forwarding allowed on linksys RT31P2?
I am using Vonage and was trying to setup a win2003 server on my home
network. My Vonage linksys router(RT31P2) is connected to my cable
modem. Now, i have a 4 port Belkin router connected to my Vonage
linksys router. I found out that i have to do port-forwarding to get my
Windows 2003 server to work with the no-ip(dynamic DNS) feature since i
don't have a static ip. Problem is that i went into the configuration
of Vonage linksys router and it doesn't seem to even let me make
changes and save at all, much less allow me to do port forwarding.
Anyone know how or is it not possible? All i want to do is have my
windows 2003 server as a host for possible website using IIS and the
dynamic DNS by no-ip.com Thanks for any input!
On 2005-09-19, email@example.com <firstname.lastname@example.org> wrote:
> Hello Everyone,
> I am using Vonage and was trying to setup a win2003 server on my home
> network. My Vonage linksys router(RT31P2) is connected to my cable
> modem. Now, i have a 4 port Belkin router connected to my Vonage
> linksys router. I found out that i have to do port-forwarding to get my
> Windows 2003 server to work with the no-ip(dynamic DNS) feature since i
> don't have a static ip. Problem is that i went into the configuration
> of Vonage linksys router and it doesn't seem to even let me make
> changes and save at all, much less allow me to do port forwarding.
> Anyone know how or is it not ...