Prevent blocking remote port when setting up a SSH tunnel/SSH port forwarding?
Assume I create an SSH tunnel to a remote computer with
ssh foobar@remcomp -L 20110:remcomp:110
then it seems to me that on the remote computer port 110 is blocked for other
clients. Is this true?
How can I prevent this exclusive locking?
firstname.lastname@example.org (Peter Insold) writes:
> Assume I create an SSH tunnel to a remote computer with
> ssh foobar@remcomp -L 20110:remcomp:110
> then it seems to me that on the remote computer port 110 is blocked for other
> clients. Is this true?
Dag-Erling Smørgrav - email@example.com...

Ports for DB2 behind firewall / ssh port forward
I'd like to connect to a remote DB2 Database V 8.2 using the "DB2
Steuerzentrale" (I guess it's called something like "DB2 management console"
in the English version). Since the database host is behind a firewall I
tried to communicate through ssh port forwarding.
Therefore, I run:
ssh -L 6789:remotename:6789 -L 50000:remotename:50000 -L 50001:remotename:50001 -L 523:remotename:523 remotename
Though the ssh connection is established, my "DB2 Steuerzentrale" won't
connect to localhost successfully and shows an error num...

port tunneling over ssh (not port-forwarding in the traditional sense)
Does anybody know of a way to do port forwarding over ssh not using the
standard ssh functionality, but rather by running a utility on the server
and using a special client that forwards data through the terminal session.
I think PPP and slirp would do the job, but I would prefer to have a
standalone client that exists solely to forward one (or several) ports,
rather than acting as my main network connection.
> Does anybody know of a way to do port forwarding over ssh not using the
> standard ssh functionality, but rather by running a utility on the server
> and using a spe...

forwarding a port-range over ssh automatically
I need to forward a port range, e.g. 5000-5100, to always-changing IPs.
A SOCKS connection can forward everything. I need ssh to do the same.
It's not so easy to type all these ports, but it's doable. To configure the
always-changing target host is impossible.
I would be very thankful if someone finds out how to do this.
Yazay Eminaga <firstname.lastname@example.org> writes:
>I need to forward a port range, e.g. 5000-5100, to always-changing IPs.
>A SOCKS connection can forward everything. I need ssh to do the same.
Many SSH clients can present a local SOCKS proxy for on-the-fly po...

FTP port forwarding in SSH.. Secure??
I was trying the "FTP Port Forwarding"
to secure the FTP transfer). I really like it, but I have a question:
On the unix manual pages (man ssh2), the description of the "-L"
option indicates that part of the connection is not secure when you
use FTP Port Forwarding, could someone please explain to me what part is
not secure? Is it referring to the FTP data which is non-encrypted
inside the tunnel? Below is text from manual
page for F-Secure SSH2
I have a linksys WRT54G wireless access point and I haven't been able to get
voice communications using Windows Messenger or Buddy Talk. With a direct
PPOE connection to my isp the voice items worked fine. What ports need to
be forwarded to allow for voice?
On Fri, 08 Aug 2003 15:05:30 GMT, William Harper spoketh
>I have a linksys WRT54G wireless access point and I haven't been able to get
>voice communications using Windows Messenger or Buddy Talk. With a direct
>PPOE connection to my isp the voice items worked fine. What ports need to
>be forwarded...

remote/reverse port forward, ssh client setting source IPs to what ssh server reports
Note: most of this post is based on OpenSSH
When I do a remote forward (port on server listens for incoming
traffic, traffic gets forwarded to port that is listening on client),
the source IPs of all the incoming connections in the server app on
the client machine are 127.0.0.1/localhost. Using "-v", I can see that
sshd passes the IP addresses of what computers connected to the sshd's
port that forwards to the client. The client does not use/set the
originating information when connecting. RFC 4254 requires the server
send the originating IP across the wire to the client.
7.2. TCP/IP Forwarding Channels
When a connection comes to a port for which remote forwarding has
been requested, a channel is opened to forward the port to the
uint32 sender channel
uint32 initial window size
uint32 maximum packet size
string address that was connected
uint32 port that was connected
###string originator IP
uint32 originator port
The 'originator IP address' is the numeric IP address of the
from where the conn...

ssh.com v22.214.171.124 slow performance with ftp over ssh port forwarding?
i am using a ssh port forwarded tunnel to secure a ftp connection between 2
both run the same ssh version, mentioned in subject.
what i do is:
ssh -l username remotehost -L ftp/10001:localhost:21
ftp/ should ensure that the data channel is encrypted via the tunnel as
well, not only the control channel.
anyways, i got a 3 mbit dsl line here, and am not able to get more than
210KByte/sec over the forwarded ftp connection. i tried the same setup to
other machines as well, same results. i tried changing the ciphers,
performance stays the same. i mean i would expect some overh...

Forward only some ports through ssh
Is it possible to forward only some ports (cvs and mysql for example)
through ssh using the authorized_keys.
...

ssh port forwarding
Please explain to me where I'm wrong.
I have two machines with linux and FreeBSD and I desire to have a
secure tunnel for HTTP between them. So I make it in the following way:
linux@lunc:~$ ssh -2 -L 1234:localhost:6661 lunc@freebsd
and after that I tried to make the following HTTP request
"http://localhost:1234/" on my linux box with the Firefox browser. However, I
saw by tcpdump that http wasn't tunneled:
linux@root# tcpdump -X -s 128 -v port 6661
19:47:07.980462 IP (tos 0x0, ttl 64, id 62776, offset 0, flags [DF],
proto: TCP (6), le...

SSH Port forwarding
I am running an application over telnet interface on port say 5566
So I generally connect telnet <hostname> 5566.
How to connect to the application via ssh (using ssh portforwarding.)
Thanks and Regards,
> Hi All,
> I am running an application over telnet interface on port say 5566
> So I generally connect telnet <hostname> 5566.
> How to connect to the application via ssh (using ssh portforwarding.)
> Thanks and Regards,
ssh -L 5566:localhost:5566 userid@remotehost
telnet localhost 5566
Thanks. It works.
But what happens is it directly logged into the remotehost which I
don't want. I want the user to get only the info through the port 5566
Thanks in advance,
> Jc wrote:
> > Hi All,
> > I am running an application over telnet interface on port say 5566
> > So I generally connect telnet <hostname> 5566.
> > How to connect to the application via ssh (using ssh portforwarding.)
> > Thanks and Regards,
> > Jc
> ssh -L 5566:localhost:5566 userid@remotehost
> telnet localhost 5566
On 9 Jan 2007 23:38:46 -0800
"Jc" <email@example.com> wrote:
> Thanks. It works.
> But what happens is it directly logged into the remotehost which I
> don't want. I want the user to get only the info through the port 5566
> (ssh)...

SSH and forwarding port
I want to use SSH from my work desk to the client site for doing some
diagnosis on electronic systems. The network will be like that:
One PC at work desk with ssh client on private LAN. SSH client is configured
for forwarding port 9000 for example (in fact, my diagnosis application). A
firewall accept the outgoing connection by port 22.
At the client site, one PC with SSH server. The connection to Internet will
be by DSL link and some servers (diagnosis servers) will be connected on
the Ethernet private network on site (by Ethernet connection on the SSH
My question is this o...

SSH
Having got SSH working on my Solaris 2.8 Ultra (Thanks list) I now have
a question regarding making the port a bit more secure. Almost as soon
as 22 was opened on the firewall I saw an attempt to get in from North
What I have done so far is to:
Move the port from 22 to above 1024.
Turn off allowing root.
Turn off password checking so you have to have a known rsa key.
Is this enough or can I improve on this?
NB Remove no-spam- for good email address
"Dave Saville" <firstname.lastname@example.org> writes:
>Having got SSH working on my...

SSH and Port Forwarding
I'm running SSHWindows (sshd) on a Win2k server on port 2345. From a client
I can connect using "ssh -p 2345 Administrator@server" just fine. I also
have VNC running on this server at port 5900. I can configure port
forwarding by typing "ssh -p 2345 -L 1234:server:5900 Administrator@server"
and then connect to localhost::1234 on the client to establish a VNC
Now I assumed that the only port needing to be opened on my firewall would
be port 2345 but I'm finding that this doesn't work unless I also open port
5900. I'm guessing that'...

ssh port forwarding
I am trying to get access to a friend's computer via ssh. Unfortunately, his
computer is behind a router which doesn't support NAT (Network Address
Translation). Consequently, I cannot connect directly on his computer using
a command like "ssh user@ip_adress" because his router is blocking me.
Then, I got the idea that perhaps if my friend would start a ssh connection
from HIS computer to MINE, and then somehow by tunneling I would be able to
get access to his computer. But after having read the manpages of ssh and
something on the internet, I must state that I do n...

ssh, port forwarding
Does anyone know why ssh connections use seemingly random port
numbers? At least it appears that way in a tcpdump output:
"192.168.1.201:61032 > 192.168.1.1.ssh", or "192.168.1.1.ssh >
192.168.1.201.56365" ...and others.
I'm trying to ssh in to .201 from the WAN. .1 is running a nat-
enabled firewall (FreeBSD 7.0, natd, ipfw) and is configured to
forward port 2222 to 192.168.1.201:22. But I cannot connect, and I've
narrowed the problem down to my firewall, which only has 22, 67, 80,
and 2222 open for incoming connections. Is there a specific range I
should open up, e.g. 45000-65535 ?
I would appreciate any insight...
Steven Borrelli <email@example.com> wrote:
> Does anyone know why ssh connections use seemingly random port
> numbers? At least it appears that way in a tcpdump output:
> "192.168.1.201:61032 > 192.168.1.1.ssh", or "192.168.1.1.ssh >
> 192.168.1.201.56365" ...and others.
TCP connections have two port numbers. The one on the client end, and
the one on the server end.
It's common to not specify a port for the client and have the OS pick
one for the connection, and specify only the one on the server. That's
what SSH is doing. This tells us that the 1.1.ssh side is the server
side, and the 1.201.xxx side is the client.
> I'm trying to ssh in to .201 from the WAN. .1 is running a nat-
> enabled firewall (FreeBSD 7.0, natd, ipfw) an...

ssh port forwarding
I want to use ssh port forwarding to make a secure channel between a CVS client
and server. I have found a lot of info about how to set up port forwarding
without a remote login on the client (using the -f option), but I do not want to
set that up on the client side; I want to set it up only on the server
side. That way any client, without specifying the -f option, can use port
forwarding without a remote login.
Does someone know how to set that up?
Johnny Choque wrote:
> Hi all,
> I want to use ssh port forwarding to make a secure channel between a CVS client
> and server. I have found a lot of info about how to set up port forwarding
> without a remote login on the client (using the -f option), but I do not want to
> set that up on the client side; I want to set it up only on the server
> side. That way any client, without specifying the -f option, can use port
> forwarding without a remote login.
> Does someone know how to set that up?
I think you are misreading the -f option, it doesn't allow you to use
ssh without having a login on the server, it puts the login in the
background. Not the same thing.
-bill davidsen (firstname.lastname@example.org)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
...

Port forwarding ranges of ports in IOS
Is this possible? For instance, I want to port forward inbound a VoIP
provider's UDP ports (e.g. 16000 16500). I cannot find anything about
how to do this so I'm thinking it's not possible.
On Aug 25, 7:23 am, locken...@gmail.com wrote:
> Is this possible? For instance, I want to port forward inbound a VoIP
> provider's UDP ports (e.g. 16000 16500). I cannot find anything about
> how to do this so I'm thinking it's not possible.
you can use the 'range' parameter in the access list's command, i.e.:
access-list 100 permit ud...

Why is port forwarding more secure than opening up a port?
I have never understood this very well, here is my current grasp of it..
If I open up port 110 on my router:
1. If hacker is probing random IP addresses on that port, I will be flagged
as open and he will come back and pay me a visit.
2. Any Trojans, viruses, or other malware that works its way into PCs via
port 110 will eventually stumble across my open port and infect me.
Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server
1. If hacker is probing random IP addresses on that port, will I be
flagged as closed? stealthed? worth a second visit?...

Port Forwarding: Device:Port = Router:Port?
- Webcam's IP addr = 10.0.0.140, and it's set up to
use port 8000
- Router's IP addr = 126.96.36.199, and its port forwarding is set
up to forward port 8000 to 10.0.140.
- I can view the camera using 10.0.0.140:8000, no problem.
The Question: Should I be able to view the camera using
On Wed, 31 Aug 2011 08:13:01 -0400, "(PeteCresswell)" <x@y.Invalid>
> - Webcam's IP addr = 10.0.0.140, and it's set up to
> use port 8000
> - Router's IP addr = 188.8.131.52, and...

ssh tunnel to non-standard ssh port
I have an instance where I am wanting to connect to a remote server
which has ssh listening on a non-standard port (22170). I cannot
create a ssh tunnel without ssh also listening to port 22 or have no
port assigned -- I also have to open port 22 on my firewall.
Is there a way that I can create a ssh tunnel to a remote server which
has ssh listening on a non-standard port? Here is my tunnel command:
ssh -f -N -R 22170:localhost:22 email@example.com
On Mon, 20 Aug 2007 04:03:38 -0700, gmac63 wrote:
> I have an instance where I am wanting to connect to a remote server
> whi...

To Port Forward or Not To Port Forward
System: DP MDD G4, OS 10.4.9
Inet connection: DSL with static i.p.,Broadcom Gateway to Linksys
WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3
connected wirelessly, basic home use only
Wireless security is very basic: Unique router name and pw, SSID
disabled, and connections allowed by MAC addresses only, Linksys
firewall is enabled with all the other features set to their defaults,
Mac OS firewall is disabled
I recently purchased a Logitech QuickCam Pro 5000 webcam that works just
fine with iChat right out of the box. Learning how to use it I found
some Apple docs and ot...

SSH port forwarding/tunneling
I've got a question about port forwarding....
I have a machine that will be located remotely. I have ssh installed
on this machine. I cannot install any sort of VPN on this machine.
The machine will be behind a firewall, so I need a way to access this
What I'd like to do is set up a persistent ssh connection to my server,
and then portforward back through this connection so I can connect to the
ssh server on the machine.....
One more time:
machine A is at my desk.
machine B is far, far away.
Machine B connects to machine A via ssh, forwarding some port that
connects b...

WRT54GS and port forwarding ssh
I've got a WRT54GS that I just upgraded to HyperWRT 1.21 Beta 1. I'm
having a problem. I can't seem to get port forwarding to work on my
router, either before or after the upgrade. I've got a linux box as my
machine and I'm trying to port forward ssh and a HTTP server on port
1000. I've set up the router to forward those ports, enabled them, saved
the configuration, all of that, but I can't connect to the ports at all
on the IP assigned to the router by my provider. I use Charter as my
provider, and they tell me they don't block any ports from their end.