f



port forwarding for multiple ports

Hello,

Is there any way to do a port forwarding (ssh -L
localport:remotehost:remoteport) for a range of ports?

If do not, can I do a port forwarding dinamically? (is there any
application that do something like this?)

Thanks,

RFT.
0
4/26/2004 8:42:34 PM
comp.security.ssh 4228 articles. 0 followers. terra1024 (490) is leader. Post Follow

2 Replies
882 Views

Similar Articles

[PageSpeed] 2

rodrigofteixeira@yahoo.com.br (RFT) writes:

>Is there any way to do a port forwarding (ssh -L
>localport:remotehost:remoteport) for a range of ports?

Not readily that I'm aware.

>If do not, can I do a port forwarding dinamically? (is there any
>application that do something like this?)

There's the -D command (which supports SOCKS right now).  I've
also hacked at the source to do more interesting things.  It's
certainly possible to do what you want with an unmodified SSH
server.  The trick is convincing a client to do it.  I've been
playing with Twisted.Conch to do this.

--kyler
0
Kyler (153)
4/27/2004 12:08:32 AM
In article <610789b8.0404261242.35824a3b@posting.google.com>,
RFT <rodrigofteixeira@yahoo.com.br> wrote:
>Is there any way to do a port forwarding (ssh -L
>localport:remotehost:remoteport) for a range of ports?

Use lots of "-L" command line options :-?

>If do not, can I do a port forwarding dinamically? (is there any
>application that do something like this?)

It depends on what you mean by "dynamically".  Some implementations
(eg, PuTTY, OpenSSH, possibly others) have a "dynamic forward" option
which implements a SOCKS server in the SSH client, so if you application
understands SOCKS (or can be made to, eg "socksify" or "runsocks") then
it can use an SSH tunnel pretty much transparently.

Alternatively, you could use something like OpenSSH's EscapeChar and
add local forwardings at run time (eg "[CR]~C -L lport:remhost:rport").

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
0
dtucker (551)
4/27/2004 12:42:51 AM
Reply:

Similar Artilces:

Ports....Ports....Ports...
I have a linksys WRT54G wireless access point and I have't been able to get voice communications using Windows Messenger or Buddy Talk. With a direct PPOE connection to my isp they voice items worked fine. What ports need to be forwarded to allow for voice? Thanx, Grumpy On Fri, 08 Aug 2003 15:05:30 GMT, William Harper spoketh >I have a linksys WRT54G wireless access point and I have't been able to get >voice communications using Windows Messenger or Buddy Talk. With a direct >PPOE connection to my isp they voice items worked fine. What ports need to >be forwarded...

Why is port forwarding more secure than opening up a port?
I have never understood this very well, here is my current grasp of it.. If I open up port 110 on my router: 1. If hacker is probing random IP addresses on that port, I will be flagged as open and he will come back and pay me a visit. 2. Any Trojans, viruses, or other malware that works its way into PCs via port 110 will eventually stumble across my open port and infect me. Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server PC): 1. If hacker is probing random IP addresses on that port, will I will be flagged as closed? stealthed? worth a second visit?...

ssh port forward
Hi, Im trying to set up ssh local port forward. But I dont know the ports to connect to on the remote machine beforehand. Is it possible to setup forward for a range of ports? thanks rc You can specify multiple ports to forward on the command line, or establish a VPN if you have the need for UDP. See: http://www.securitybulletins.com/mediawiki/index.php/SSH_Tunnelling for info on both types. Doug On 21 Nov 2006 15:57:54 -0800 chandranramesh@gmail.com wrote: > Hi, > > Im trying to set up ssh local port forward. > But I dont know the ports to connect to on the remote machine > beforehand. > > Is it possible to setup forward for a range of ports? -- For UNIX, Linux and security articles visit http://SecurityBulletins.com/ In article <1164153474.108673.130230@b28g2000cwb.googlegroups.com> chandranramesh@gmail.com writes: > >Im trying to set up ssh local port forward. >But I dont know the ports to connect to on the remote machine >beforehand. You could perhaps use OpenSSH's "dynamic" port forwarding, i.e. SOCKS - see the -D option. >Is it possible to setup forward for a range of ports? Not as such (with OpenSSH), though (with OpenSSH) you can AFAIK give any number of -L options - i.e. a range is just a matter of giving one -L option for every port in the range. A bit verbose, but the end result would be the same - ssh (any flavour) would need to open a separate socket for every port in the range, the...

Prevent blocking remote port when setting up a SSH tunnel/SSH port forwarding?
Assume I create an SSH tunnel to a remote computer with ssh foobar@remcomp -L 20110:remcomp:110 then it seems to me that on the remote computer port 110 is blocked for other clients. Is this true? How can I prevent this exclusive locking? Peter pins1000@yahoo.com (Peter Insold) writes: > Assume I create an SSH tunnel to a remote computer with > > ssh foobar@remcomp -L 20110:remcomp:110 > > then it seems to me that on the remote computer port 110 is blocked for other > clients. Is this true? No. DES -- Dag-Erling Smørgrav - des@des.no...

Port Forwarding: Device:Port = Router:Port?
- Webcam's IP addr = 10.0.0.140, and it's set up to use port 8000 - Router's IP addr = 1.0.0.1, and it's port forwarding is set up to forward port 8000 to 10.0.140. - I can view the camera using 10.0.0.140:8000, no problem. The Question: Should I be able to view the camera using 10.0.0.1:8000? -- PeteCresswell On Wed, 31 Aug 2011 08:13:01 -0400, "(PeteCresswell)" <x@y.Invalid> wrote: > - Webcam's IP addr = 10.0.0.140, and it's set up to > use port 8000 > > - Router's IP addr = 1.0.0.1, and...

To Port Forward or Not To Port Forward
System: DP MDD G4, OS 10.4.9 Inet connection: DSL with static i.p.,Broadcom Gateway to Linksys WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3 connected wirelessly, basic home use only Wireless security is very basic: Unique router name and pw, SSID disabled, and connections allowed by MAC addresses only, Linksys firewall is enabled with all the other features set to their defaults, Mac OS firewall is disabled I recently purchased a Logitec QuickCam Pro 5000 webcam that works just fine with iChat right out of the box. Learning how to use it I found some Apple docs and ot...

port tunneling over ssh (not port-forwarding in the traditional sense)
Does anybody know of a way to do port forwarding over ssh not using the standard ssh functionality, but rather by running a utility on the server and using a special client that forwards data through the terminal session. I think PPP and slirp would do the job, but I would prefer to have a standalone client that exists solely to forward one (or several) ports, rather than acting as my main network connection. > Does anybody know of a way to do port forwarding over ssh not using the > standard ssh functionality, but rather by running a utility on the server > and using a spe...

Ports for DB2 behind firewall / ssh port forward
hi newsgroup, I'd like to connect to a remote DB2 Database V 8.2 using the "DB2 Steuerzentrale" (I guess it's called something like "DB2 management console" in the English version). Since the database host is behind a firewall I tried to communicate through ssh port forwarding. Therefore, I run: ssh -L 6789:remotename:6789 -L 50000:remotename:50000 -L 50001:remotename:50001 -L 523:remotename:523 remotename Though the ssh connection is established, my "DB2 Steuerzentrale" won't connect to localhost successfully and shows an error num...

FTP port forwarding in SSH.. Secure??
I was trying the "FTP Port Forwarding" to secure the FTP transfer). I really like it, but I have a question: On the unix manual pages (man ssh2), the description of the "-L" option indicates that part of the connection is not secure when you use FTP Port Forwarding, could someone please explain me what part is not secure? Is it referring to the FTP data which is non-encrypted inside the tunnel? Below is text from manual page for F-Secure SSH2 SSH2 SSH2(1) NAME ssh2 - secure shell client (remote login program) .... ... -L [protocol/][localhost:]port:host:hostport or -L socks/[localhost:]port The given port on the local (client) host is forwarded to the given host and port on the remote side. This allocates a listener port port on the local side. Whenever a connection is made to this listener, the connection is forwarded over the secure channel and a connection is made to host:hostport from the remote machine (this latter connection will not be secure, it <----- why not secure? is a normal TCP connection). Port forwarding can also be specified in the configuration file. ...

port forward / port changing
Hi all I have my router set up to port forward various ports across, eg ExtIP:25 -> Mail:25 ExtIP:80 -> Web:80 but I cant figure out how to make the ports different. Eg i have another interal web server which i want to make available externally... ExtIP:8000 -> OtherWeb:80 what is the exact command for this? I've tried ip nat inside source static tcp 192.168.176.150 80 interface Dialer1 8000 but I dont seem to be getting anywhere. It's an 827 running IOS 12.3(15). Thanks Mike Never mind, I have it working now. Mistyped the port in my external access list. My ...

port forwarding/ opening port
hi i'm having P4 2.4 256MB RAM with Win XP SP-2 Pro installed. i'm using 256 kbps connection using adsl2+ router SmartAX MT882 ADSL Router from Huawei, china its having NAT & built in firewall.,,, i'm also using Win XP Firewall to protect my pc.. i want to know how to use port forwarding & how to open port on router so that i can establish connection, also i didn't understand the UDP & TCP, what is it all about? i want to open port for radmin connection... also, how to know that how much secure my pc is from internet... any resource... i have referred to router ...

What is the difference between local port forwarding (-L) and remote port forwarding (-R)
Hi! I need to do an SSH tunnel to encrypt the data sent between an agent and a the server. I'm able to establish a tunnel but there's something that I can't understand... What is the difference between the bit -L and the bit -R. I've read the man of SSH on Fedora. It's seems to be simple but in practice, I don't understand. Can somebody help me on this subject? Thanks a lot! Yann > What is the difference between the bit -L and the bit -R. -L forwards a port from the client to the server. -R forwards a port from the server to the client. -- To reply by email, replace "deadspam.com" by "alumni.utexas.net" In article <d73d6e32.0404262310.5dd662ed@posting.google.com>, Yann Laviolette <yann_laviolette@gnome.org> wrote: >What is the difference between the bit -L and the bit -R. I've read >the man of SSH on Fedora. It's seems to be simple but in practice, I >don't understand. Example: "ssh -L 2000:1.2.3.4:2000 server" is a "local" forward and will listen on the client (ie the machine you ssh'ed from) on port 2000. If something connects to the client on port 2000, a "channel" will be opened inside the SSH connection and the server will connect to 1.2.3.4 on port 2000. Any data sent or received will be forwarded over this channel. In contrast, "ssh -R 2000:1.2.3.4:2000 server" is a "remote" forward, which will cause the *server* to listen o...

Port Forwarding and Multiple SSH Servers
Behind my firewall I have several SSH servers that I connect to with something like: ssh -p xx user@firewall_IP_address and then the firewall forwards it to the correct server, generally running some version of Linux. The problem is this error message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Please contact your system administrator. Add correct host key in /home/user/.ssh/known_hosts to get rid of this message. Offending key in /home/user/.ssh/known_hosts:19 Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. X11 forwarding is disabled to avoid man-in-the-middle attacks. Permission denied (publickey,password,keyboard-interactive). On the client system $HOME/.ssh/config I've put : Host firewall_IP_address StrictHostkeyChecking no but I still get the error message. My workaound is to remove the key in known_hosts and then connect but I need to find a better solution. Is there one? The client is cygwin running on WinXP. Thanks...

Port forwarding ranges of ports in IOS
Is this possible? For instance, I want to port forward inbound a VoIP providers UDP ports (e.g. 16000 16500). I cannot find anything about how to do this so I'm thinking it's not possible. Thanks On Aug 25, 7:23 am, locken...@gmail.com wrote: > Is this possible? For instance, I want to port forward inbound a VoIP > providers UDP ports (e.g. 16000 16500). I cannot find anything about > how to do this so I'm thinking it's not possible. > > Thanks Hi, you can use the 'range' parameter in the access list's command, i.e.: access-list 100 permit ud...

difference between port redirect and port forwarding
hi all can any body point out the difference between in port redirect and port forwarding? Actually i am trying to forward/redirect all the requests to port 26 to 25, as i cannt access port 25 from my current network. I would appreciate if somebody could suggest a solution for this problem. Thank you Anil On Thu, 30 Oct 2003 18:38:43 GMT, Anil Kommareddy <linuxkid@itslinuxhelp.com> wrote: >Actually i am trying to forward/redirect all the requests to >port 26 to 25, as i cannt access port 25 from my current network. Trying to set up an open relay for SMTP? Having trou...

how do i forward ports and allow access on some port?
Hi all, I am using Norton System Works 2005 full edition (with nortn firewall) on a windows 2000 professional OS , now i want to forward port 80,99,100 to a linux box running in the same office and I also want to allow someone access on port 101 and 102. Can someone help me out , how to do it. Regards vivek kedia india vivekkedia@gmail.com wrote: > Hi all, > > I am using Norton System Works 2005 full edition (with nortn firewall) > on a windows 2000 professional OS , now i want to forward port > 80,99,100 to a linux box running in the same office and I also want to > a...

netscreen: not allowed to port forward port outside port < 1024 to one inside >= 1024?
I'm using a netscreen-25 and it seems to be the case that when I try to set up a port forward from virtual port 80 (outside) to port 8080 (inside) it won't let me: "port number should be between 1024 and 32767, or default 1024" .... and then it sets my port 80 to be 1024. Virtuals ports < 1024 are not allowed for some reason.... I am doing the port forwarding by using the VIP (virtual IP) feature btw. Why should there be such a limiation? Is there any compromise possible? alex Alex Hunsley wrote: > I'm using a netscreen-25 and it seems to be the case that w...

ssh, port forwarding
Does anyone know why ssh connections use seemingly random port numbers? At least it appears that way in a tcpdump output: "192.168.1.201:61032 > 192.168.1.1.ssh", or "192.168.1.1.ssh > 192.168.1.201.56365" ...and others. I'm trying to ssh in to .201 from the WAN. .1 is running a nat- enabled firewall (FreeBSD 7.0, natd, ipfw) and is configured to forward port 2222 to 192.168.1.201:22. But I cannot connect, and I've narrowed the problem down to my firewall, which only has 22, 67, 80, and 2222 open for incoming connections. Is there a specific range I should open up, e.g. 45000-65535 ? I would appreciate any insight... Thanks, Steven Steven Borrelli <sborrelli8@gmail.com> wrote: > Does anyone know why ssh connections use seemingly random port > numbers? At least it appears that way in a tcpdump output: > > "192.168.1.201:61032 > 192.168.1.1.ssh", or "192.168.1.1.ssh > > 192.168.1.201.56365" ...and others. TCP connections have two port numbers. The one on the client end, and the one on the server end. It's common to not specify a port for the client and have the OS pick one for the connection, and specify only the one on the server. That's what SSH is goind. This tells us that the 1.1.ssh side is the server side, and the 1.201.xxx side is the client. > I'm trying to ssh in to .201 from the WAN. .1 is running a nat- > enabled firewall (FreeBSD 7.0, natd, ipfw) an...

SSH and forwarding port
Hi, I want to use SSH from my work desk to the client site for doing some diagnosis on electronic systems. The network will be like that: One PC at work desk with ssh client on private LAN. SSH client is configured for forwarding port 9000 for example (in fact, my diagnosis application). A firewall accept the outgoing connection by port 22. At the client site, one PC with SSH server. The connection to Internet will be by DSL link and some servers (diagnosis servers) will be connected on the Ethernet private network on site (by Ethernet connection on the SSH server PC). My question is this one: The final destination of the forwarding TCP frame is a diagnosis servers on client private LAN (for example address 10.0.1.1 on port 9000) through the PC with SSH server. When SSH server has decrypted the frame, what to do with this frame? Because I want that this frame arrive to the diagnosis servers. I don't know what to do exactly!.. Is the frame will be routed on the LAN by SSH server PC? Thank you for your help. Bruno -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bruno Caruso wrote: | Hi, | | I want to use SSH from my work desk to the client site for doing some | diagnosis on electronic systems. The network will be like that: | One PC at work desk with ssh client on private LAN. SSH client is configured | for forwarding port 9000 for example (in fact, my diagnosis application). A | firewall accept the outgoing connection by port 22. | | At the client site, one PC with ...

ssh port forwarding
Hello! Please, explain me where I'm wrong. I have two machines with linux and FreeBSD and I desire to have a secure tunel for HTTP between them. So I make it in the following way: linux@lunc:~$ ssh -2 -L 1234:localhost:6661 lunc@freebsd freebsd@lunc|~$ and afer that I tried to make following HTTP request "http://localhost:1234/" on my linux box by Firefox browser. However, I saw by tcpdump that http wasn't tuneled: linux@root# tcpdump -X -s 128 -v port 6661 ......... 19:47:07.980462 IP (tos 0x0, ttl 64, id 62776, offset 0, flags [DF], proto: TCP (6), le...

ssh port forwarding
Hello, I am trying to get access to a friends' computer via ssh. Unfortunately, his computer is behind a router which doesn't support NAT (Network Adress Translation). Consequently, I cannot connect directly on his computer using a command like "ssh user@ip_adress" because his router is blocking me. Then, I got the idea that perhaps if my friend would start a ssh connection from HIS computer to MINE, and then somehow by tunneling I would be able to get access to his computer. But after having read the manpages of ssh and something on the internet, I must state that I do n...

Forward only some ports through ssh
Hello, Is it possible to forward only some ports (cvs and mysql for example) through ssh using the authorized_keys. Thank you. ...

SSH Port forwarding
Hi All, I am running an application over telnet interface on port say 5566 So I generally connect telnet <hostname> 5566. How to connect to the application via ssh (using ssh portforwarding.) Thanks and Regards, Jc Jc wrote: > Hi All, > > I am running an application over telnet interface on port say 5566 > So I generally connect telnet <hostname> 5566. > > How to connect to the application via ssh (using ssh portforwarding.) > > Thanks and Regards, > Jc > ssh -L 5566:localhost:5566 userid@remotehost telnet localhost 5566 Hi, Thanks. It works. But what happens is it directly logged into the remotehost which I don't want. I want the user to get only the info through the port 5566 (ssh). Any way? Thanks in advance, Jc Chuck wrote: > Jc wrote: > > Hi All, > > > > I am running an application over telnet interface on port say 5566 > > So I generally connect telnet <hostname> 5566. > > > > How to connect to the application via ssh (using ssh portforwarding.) > > > > Thanks and Regards, > > Jc > > > > ssh -L 5566:localhost:5566 userid@remotehost > > telnet localhost 5566 On 9 Jan 2007 23:38:46 -0800 "Jc" <ramschitra@gmail.com> wrote: > Hi, > Thanks. It works. > But what happens is it directly logged into the remotehost which I > don't want. I want the user to get only the info through the port 5566 > (ssh)...

SSH
Having got SSH working on my Solaris 2.8 Ultra (Thanks list) I now have a question regarding making the port a bit more secure. Almost as soon as 22 was opened on the firewall I saw an attempt to get in from North Korea :-( What I have done so far is to: Move the port from 22 to above 1024. Turn off allowing root. Turn off password checking so you have to have a known rsa key. Is this enough or can I improve on this? TIA -- Regards Dave Saville NB Remove no-spam- for good email address "Dave Saville" <dave@no-spam-deezee.org> writes: >Having got SSH working on my...

Web resources about - port forwarding for multiple ports - comp.security.ssh

Call forwarding - Wikipedia, the free encyclopedia
Call forwarding , or call diversion , is a telephony feature of some telephone switching systems which redirects a telephone call to another ...

Facebook Messenger For IOS Adds Groups, Message Forwarding
Facebook released version 4.0 of its Messenger application for iOS , and the major additions were the ability to create groups , and the ability ...

Choice urges IP spoofing for better IT prices - Parliament, House, prices, iTunes, guide, US forwarding ...
Consumers should spoof their IP address and use US forwarding addresses to beat high IT prices in Australia, consumer advocacy group Choice said. ...

Martin Taupau email mix-up highlights legal risks of forwarding misdirected message
An incredible email mix-up gave a Canadian theatre critic a cracking NRL scoop &ndash; and potentially a legal headache.

VPN Routing & Forwarding Instance_网络子站_IT专家网
VRF-VPN路由转发实例(VPN Routing & Forwarding Instance) VPN Routing & Forwarding Instance

Facebook Messenger updated to version 4.0 with groups and message forwarding
... 4.0 Groups: Now you can create groups for the people you message most. Name them, set group photos and keep them all in one place Forwarding: ...

Facebook Messenger For IOS Adds Groups, Message Forwarding - SocialTimes
Facebook released version 4.0 of its Messenger application for iOS , and the major additions were the ability to create groups , and the ability ...

Sprint StarStar Me offers vanity phone numbers and controlled call forwarding
Sprint has kicked off a new add-on service today called StarStar Me. For $2.99/month, subscribers can register a new number that's accessed by ...


Facebook Messenger 4.0 Features Easy Group Creation And Message Forwarding
... , its messaging-focused app, to version 4.0 on iOS. Facebook Messenger 4.0 introduces a couple of significant new features: groups and forwarding. ...

Resources last updated: 3/7/2016 9:55:58 PM