Question about remote ssh tunnelling. - SSH

  1. Question about remote ssh tunnelling.

    Hello,


    A firewall between SERVER and CLIENT only allows TCP port 22 from
    SERVER to CLIENT (but not vice versa!)

    SERVER -------22------> CLIENT

    What I would like to achieve via ssh tunnelling is to send TCP port
    1984 traffic from CLIENT to SERVER:
    (with SERVER listening on port 1984, of course)

    SERVER <-----1984------ CLIENT

    Q1. Is this doable, in the first place?
    Q2. If yes, how do I do it?

    By reading the ssh man page on either box (Solaris 9), my
    understanding was that I had to go this way:

    [SERVER]$ ssh -R 1984:SERVER:1984 CLIENT

    But that didn't quite work ;-(
    What did I do wrong?

    Thanks in advance for your help.


    Loris


  2. Re: Question about remote ssh tunnelling.

    Ciccio wrote:

    > By reading the ssh man page on either box (Solaris 9), my
    > understanding was that I had to go this way:
    >
    > [SERVER]$ ssh -R 1984:SERVER:1984 CLIENT


    This looks alright to me.

    > But that didn't quite work ;-(


    What exactly "didn't quite work"?

    Paul

  3. Re: Question about remote ssh tunnelling.

    Hi Paul, now THAT was quick! ;-)

    Ok, on my CLIENT, if I run
    telnet localhost 1984
    or
    telnet 127.0.0.1 1984
    I get "connection refused" straight away.

    If I run (always on the client)
    telnet SERVER 1984
    it stays there a while, then returns:
    telnet: Unable to connect to remote host: Connection timed out

    What am I doing wrong?


  4. Re: Question about remote ssh tunnelling.

    Ciccio wrote:

    > Ok, on my CLIENT, if I run
    > telnet localhost 1984
    > or
    > telnet 127.0.0.1 1984
    > I get "connection refused" straight away.


    And if you run `telnet SERVER 1984` on the server? ("SERVER" being the
    ip address or hostname of the -R parameter.)

    Paul

  5. Re: Question about remote ssh tunnelling.

    that works ok (of course...)
    (same as doing netstat -an | grep 1984, which shows that 1984 is
    LISTENING)

    Is there any way/tool/technique to help troubleshooting this, that you
    are aware of?

    Thanks

    Loris


  6. Re: Question about remote ssh tunnelling.

    Ciccio wrote:
    > Hi Paul, now THAT was quick! ;-)
    >
    > Ok, on my CLIENT, if I run
    > telnet localhost 1984
    > or
    > telnet 127.0.0.1 1984
    > I get "connection refused" straight away.


    This sounds suspiciously like SERVER is somehow blocking access to
    port 1984. Make sure your SERVER is not running some firewall rule
    or tcp wrapper rule that is preventing things from working...

    --
    ------------------------------------------------------------------------------
    Tim Daneliuk
    tundra@tundraware.com
    http://www.tundraware.com/PGP

  7. Re: Question about remote ssh tunnelling.

    Hi Tim,

    [SERVER]$ netstat -an | grep 1984 | grep LISTEN
    *.1984 *.* 0 0 65536 0 LISTEN
    [SERVER]$

    There is no host-based firewall on SERVER, and tcp wrapper is not even
    installed.

    Other servers from different networks (for which port 1984 on the
    firewall has been open) manage to connect perfectly.

    On both SERVER and CLIENT, in /etc/ssh/sshd_config I've changed
    AllowTCPForwarding to yes and killed -HUP sshd, but still no joy.

    What else can I try?

    Ciccio


  8. Re: Question about remote ssh tunnelling.

    Ciccio wrote:
    > Hi Tim,
    >
    > [SERVER]$ netstat -an | grep 1984 | grep LISTEN
    > *.1984 *.* 0 0 65536 0 LISTEN
    > [SERVER]$
    >
    > There is no host-based firewall on SERVER, and tcp wrapper is not even
    > installed.
    >
    > Other servers from different networks (for which port 1984 on the
    > firewall has been open) manage to connect perfectly.
    >
    > On both SERVER and CLIENT, in /etc/ssh/sshd_config I've changed
    > AllowTCPForwarding to yes and killed -HUP sshd, but still no joy.
    >
    > What else can I try?
    >
    > Ciccio
    >


    I wonder if you need the -N flag on your initial ssh tunnel setup ...

    --
    ----------------------------------------------------------------------------
    Tim Daneliuk tundra@tundraware.com
    PGP Key: http://www.tundraware.com/PGP/

  9. Re: Question about remote ssh tunnelling.

    Great pointer Tim!

    Here is what worked for me:

    [SERVER]$ ssh -f -N -R 1984:SERVER:1984 CLIENT

    Believe it or not, I had tried that before but with all the options
    grouped (i.e. -fNR) and SunSSH didn't like it.

    Thnx 1Mb to Paul and Tim for your help, much appreciated.

    Ciccio
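
Added example (not part of the original posts): with `-R 1984:SERVER:1984`, the listening port is opened by sshd on CLIENT, by default (`GatewayPorts no`) on loopback only, so the place to check is `netstat -an` on CLIENT. The function names and the sample netstat lines below are constructed for illustration.

```shell
#!/bin/sh
# Added example: check what a `ssh -R` forward actually opened on the far end.

# Listen port of a -R spec: "port:host:hostport" or "bind:port:host:hostport".
# (Bracketed IPv6 bind addresses are not handled here.)
forward_listen_port() {
    echo "$1" | awk -F: 'NF == 3 { print $1 } NF == 4 { print $2 }'
}

# Read `netstat -an` text on stdin and classify the listener for port $1.
# Accepts Solaris-style local addresses (127.0.0.1.1984, *.1984) and
# Linux-style ones (127.0.0.1:1984, 0.0.0.0:1984).
classify_listener() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ ("[.:]" port "$")) {
                    addr = $i
                    sub("[.:]" port "$", "", addr)
                    if (addr == "127.0.0.1" || addr == "::1") lo = 1
                    else wide = 1
                    break
                }
            }
        }
        END {
            if (wide)    print "all-interfaces"
            else if (lo) print "loopback-only"
            else         print "not-listening"
        }'
}

# Constructed sample: netstat -an on CLIENT while the tunnel is up.
sample_client_netstat() {
    cat <<'EOF'
      *.22                 *.*                0      0 49152      0 LISTEN
127.0.0.1.1984             *.*                0      0 49152      0 LISTEN
EOF
}

port=$(forward_listen_port "1984:SERVER:1984")
echo "port $port on CLIENT: $(sample_client_netstat | classify_listener "$port")"
```

On a live system, pipe the real output in (`netstat -an | classify_listener 1984`); `not-listening` means the forward was never set up, while `all-interfaces` means the tunnel entrance is reachable from other hosts on CLIENT's network.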

