


ssh remote port forwarding

Hello experts,

I have a little problem using ssh and remote port forwarding.  Here is 
the problem: I have one machine (A) behind a nat firewall that I'd like 
to be able to access from the outside via ssh.  Unfortunately I have no 
control over the router, so no DMZing it.

So I was thinking of sshing from machine A behind the firewall to a 
machine outside the nat (machine B) and using reverse port forwarding on 
that machine.  Then I could ssh to machine B and that would then forward 
the connection to A.

so far I run this on A:
sudo ssh -g -N -R 2222:127.0.0.1:22 machineBusername@machineB.something

then running the following in the outside world:
ssh -p 2222 machineAusername@machineB.something

yields a time out.

I'm a bit confused on how to get this to work.  Is what I want to do 
principally possible and if so, what can I do to make it work?

Regards,

Sven.




--
s v e n (dot) d (dot) m e i e r (at) g m x (dot) n e t
Sven
4/3/2006 9:34:09 PM
comp.unix.bsd.freebsd.misc

In article <e0s4cl$dua$1@dennis.cc.strath.ac.uk> Sven <no@spam.com> writes:
>
>I have a little problem using ssh and remote port forwarding.  Here is 
>the problem: I have one machine (A) behind a nat firewall that I'd like 
>to be able to access from the outside via ssh.  Unfortunately I have no 
>control over the router, so no DMZing it.
>
>So I was thinking of sshing from machine A behind the firewall to a 
>machine outside the nat (machine B) and using reverse port forwarding on 
>that machine.  Then I could ssh to machine B and that would then forward 
>the connection to A.

Hopefully you have the consent of those running the firewall for this -
none of my business, but you could get into trouble if you don't.

>so far I run this on A:
>sudo ssh -g -N -R 2222:127.0.0.1:22 machineBusername@machineB.something
>
>then running the following in the outside world:
>ssh -p 2222 machineAusername@machineB.something
>
>yields a time out.

By default connections for remote-forwarded ports are only accepted on
the loopback address - i.e. you basically need to be logged in on
machine B first. The -g that you gave on the commandline applies only to
local-forwarded ports, for somewhat obvious reason the behaviour of the
server in this respect cannot be controlled by the client - but the
server behaviour can be changed via the GatewayPorts setting in
sshd_config (assuming OpenSSH). However if you're looking at allowing
connections from anywhere in the world through the "hole in the
firewall" that you've created, you should *definitely* talk to the
firewall people first...

--Per Hedeland
per@hedeland.org
per
4/3/2006 10:30:07 PM
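
The binding behaviour described in the reply above, as an added example that is not part of the thread and is not OpenSSH code: a shell sketch that reads the GatewayPorts value from sshd_config-style text and reports where a remote (-R) forward will listen, following the values documented in sshd_config(5) and ssh(1). The function names and sample configs are constructed; Match blocks and Include files are not evaluated, so on a real host feed it the output of `sshd -T` instead of the raw file.

```shell
#!/bin/sh
# Added example: model how an OpenSSH server binds a remote (-R) forward.

# Print the GatewayPorts value from sshd_config-style text on stdin.
# sshd keeps the first value it reads for a keyword; the default is "no".
# Keywords are case-insensitive, so `sshd -T` output (lowercase) also works.
gateway_ports() {
    awk '
        $1 ~ /^#/                     { next }   # comment line
        tolower($1) == "match"        { exit }   # global section ends here
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    '
}

# listen_scope SETTING [BIND_ADDRESS]
# SETTING is the server's GatewayPorts value; BIND_ADDRESS is the optional
# first field of the client's -R [bind_address:]port:host:hostport.
# Prints "loopback", "all-interfaces", or the specific address requested.
listen_scope() {
    setting=$1
    bind=${2-localhost}            # no bind_address given: loopback
    case $setting in
        no)  echo loopback ;;            # server forces loopback
        yes) echo all-interfaces ;;      # server forces the wildcard address
        clientspecified)
            case $bind in
                ''|'*'|0.0.0.0|::)       echo all-interfaces ;;
                localhost|127.0.0.1|::1) echo loopback ;;
                *)                       echo "$bind" ;;
            esac ;;
        *) echo unknown; return 1 ;;
    esac
}

# audit_forward [BIND_ADDRESS]  (config text on stdin)
audit_forward() {
    gp=$(gateway_ports)
    scope=$(listen_scope "$gp" "$@") || return 1
    echo "GatewayPorts=$gp scope=$scope"
}

# Constructed sample 1: a server at defaults (assumed state of machine B),
# with the thread's forward -R 2222:127.0.0.1:22, which has no bind_address.
printf 'Port 22\n#GatewayPorts no\n' | audit_forward

# Constructed sample 2: the server lets the client choose, and the client
# asks for one specific address (192.0.2.10 is a documentation address)
# instead of exposing the forward on every interface.
printf 'Port 22\nGatewayPorts clientspecified\n' | audit_forward 192.0.2.10
```

A result of `scope=all-interfaces` means anyone who can reach that port on machine B reaches machine A's sshd, which is the exposure the reply says to clear with the firewall administrators.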
Per Hedeland wrote:
> In article <e0s4cl$dua$1@dennis.cc.strath.ac.uk> Sven <no@spam.com> writes:
> 
>>I have a little problem using ssh and remote port forwarding.  Here is 
>>the problem: I have one machine (A) behind a nat firewall that I'd like 
>>to be able to access from the outside via ssh.  Unfortunately I have no 
>>control over the router, so no DMZing it.
>>
>>So I was thinking of sshing from machine A behind the firewall to a 
>>machine outside the nat (machine B) and using reverse port forwarding on 
>>that machine.  Then I could ssh to machine B and that would then forward 
>>the connection to A.
> 
> 
> Hopefully you have the consent of those running the firewall for this -
> none of my business, but you could get into trouble if you don't.
> 
> 
>>so far I run this on A:
>>sudo ssh -g -N -R 2222:127.0.0.1:22 machineBusername@machineB.something
>>
>>then running the following in the outside world:
>>ssh -p 2222 machineAusername@machineB.something
>>
>>yields a time out.
> 
> 
> By default connections for remote-forwarded ports are only accepted on
> the loopback address - i.e. you basically need to be logged in on
> machine B first. The -g that you gave on the commandline applies only to
> local-forwarded ports, for somewhat obvious reason the behaviour of the
> server in this respect cannot be controlled by the client - but the
> server behaviour can be changed via the GatewayPorts setting in
> sshd_config (assuming OpenSSH). However if you're looking at allowing
> connections from anywhere in the world through the "hole in the
> firewall" that you've created, you should *definitely* talk to the
> firewall people first...
> 
> --Per Hedeland
> per@hedeland.org

Per, thanks for the help.  I will have to tweak sshd_config then.  Don't 
worry I will talk to my sysadmins before doing so.

Sven.
Sven
4/4/2006 10:32:44 AM