Loris Serena wrote:
> Guys,
>
> I managed to get the following working:
>
> ----------------------------------------------------------------------------------------------------
>
> A firewall between SERVER and CLIENT only allows TCP port 22 from
> SERVER to CLIENT (but not vice versa!)
>
> SERVER -------22------> CLIENT
>
> What I would like to achieve via ssh tunnelling is to send TCP port
> 1984 traffic from CLIENT to SERVER:
>
> SERVER <-----1984------ CLIENT
> ------------------------------------------------------------------------------------------------------
>
>
> by running (on SERVER):
> $ ssh -f -N -R 1984:SERVER:1984 CLIENT
>
>
> Now I'd like to add the next (and last) bit of the configuration to the
> picture:
>
> There is another firewall between CLIENT and GOOFY, again only allowing
> TCP port 22 from CLIENT to GOOFY (and NOT vice versa!):
>
> SERVER -------22------> CLIENT -------22-------> GOOFY
>
> What I would like to achieve via ssh tunnelling is to send TCP port
> 1984 traffic from GOOFY to SERVER (through CLIENT):
>
> SERVER <-----1984----- CLIENT
> SERVER <----------------(CLIENT)----------1984------ GOOFY
>
> Please note that:
> a. the remote forwarding of 1984 from CLIENT to SERVER is already working;
> b. there is no native process on CLIENT listening on port 1984.
>
> I ran `ssh -f -N -R 1984:127.0.0.1:1984 GOOFY` on CLIENT,
>
> but testing that with telnet from GOOFY, it failed as follows:
>
> [GOOFY]$ telnet localhost 1984
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
>
> So, how do I do that?
> Any security issues I should be aware of?
>
>
> Thanks in advance
>
> Ciccio
>

I've already had this problem when using PuTTY and on some Linux ssh
clients. The first tunnel works, but the tunnel inside the tunnel doesn't.
I solved it by ensuring that the tunnel is an IPv4 one. So, instead of the
-R, -L or -D switches, you put the -4R, -4L and -4D switches. This way
you ensure that the tunnel will work. The problem I had was that ssh
tries to auto-detect the IP version, and had problems detecting the IP
version when creating the tunnel inside another.

My regards,

-- 
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
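
Added example, not part of either message: a check to run on CLIENT and GOOFY after setting up the forwards, showing which address family port 1984 is bound to (the IPv4/IPv6 point in the reply) and whether it is reachable beyond loopback (relevant to the security question, since sshd's GatewayPorts setting controls that). It assumes `ss` from iproute2 is available; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the listeners on one TCP port from `ss -ltn` output.

# Constructed sample of what `ss -ltn` could show on GOOFY (not taken from the thread).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      128            [::1]:1984         [::]:*
EOF
}

# Reads `ss -ltn` output on stdin; prints "<family> <scope> <address>"
# for every listener on the port given as $1.
classify_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            if (!match(la, /:[0-9]+$/)) next             # locate the trailing ":port"
            if (substr(la, RSTART + 1) != port) next     # other ports are ignored
            addr = substr(la, 1, RSTART - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # strip [] around IPv6
            family = (addr ~ /:/) ? "ipv6" : "ipv4"
            if (addr == "*") family = "any"
            if (addr == "127.0.0.1" || addr == "::1") scope = "loopback"
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "wildcard"
            else scope = "specific"
            print family, scope, addr
        }'
}

# Summarises exposure of port $1: "none", "loopback-only" or "reachable-from-network".
port_exposure() {
    classify_listeners "$1" | awk '
        { seen = 1; if ($2 != "loopback") ext = 1 }
        END { print (!seen ? "none" : (ext ? "reachable-from-network" : "loopback-only")) }'
}

# Live use on a host:  ss -ltn | classify_listeners 1984
```

A forwarded port that shows up only as `ipv6 loopback ::1` will refuse a client that connects to 127.0.0.1, and anything other than `loopback-only` means other machines can reach the tunnel.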
