Re: ssh tunnel problems

On Tue, 2008-06-24 at 00:35 -0400, Rick Bilonick wrote:
> On Mon, 2008-06-23 at 16:35 -0500, Kevin Martin wrote:
> 
> > > I don't see this as confusing:
> > > 
> > > (on my.work.server which is behind a firewall that blocks incoming ssh
> > > but not outgoing ssh)
> > > 
> > >   
> > > > ssh -R 2022:my.work.server:22 me@xxxxxxxxxxxxx
> > > >     
> > > 
> > > where "my.work.server" is the IP address for my.work.server and
> > > "home.computer" is the IP address for my home.computer. This sets up the
> > > port forwarding for a reverse tunnel (that's the -R option). If on
> > > home.computer I do:
> > > 
> > >   
> > > > netstat -an | grep 2022
> > > >     
> > > 
> > > it shows that home.computer is listening to port 2022.
> > > 
> > > Then, to use the reverse tunnel (again on home.computer):
> > > 
> > >   
> > > > ssh -p 2022 accnt@localhost
> > > >     
> > > 
> > > where "accnt" is the user account on my.work.server and I use the
> > > password for accnt on my.work.server. This should allow me then to go
> > > through the ssh tunnel in the reverse direction (getting through the
> > > firewall that is blocking the use of incoming ssh from the home computer
> > > to the my.work.server).
> > > 
> > > Even after removing everything in hosts.allow on my.work.server, I still
> > > can't connect.
> > > 
> > > This SAME set up works fine if I set up the tunnel from my home computer
> > > to my account on my ISP's server. And yes I'm using "localhost" similar
> > > to what I show above. And I've tried it from my.work.server to my
> > > account on my ISP but have the same problem so the problem is something
> > > on my.work.server. 
> > > 
> > > Is it possible for the firewall to block a reverse tunnel (without
> > > blocking outgoing ssh)?
> > > 
> > > Rick B.
> > > 
> > >   
> > Rick,
> > 
> >  What do you see if you add -v to the "ssh -p 2022 accnt@localhost"?
> > Also, what if you, instead of using localhost, use the ip address of
> > your eth0 interface in the previous command?  If you do that and, in
> > another terminal, do a "tcpdump -i eth0 -vv -l port 2022" do you see
> > the connection attempt being made to the port?  Also try adding -v to
> > the connection where you are creating the tunnel and then watch the
> > output of that connection as you try to make a connection back over
> > the tunnel.
> > 
> > FWIW, I just did your exact setup with two machines that I have and it
> > worked perfectly (prompted me for passwords and then the logins
> > worked).   I added -v to both the tunnel creation and then the reverse
> > use of the tunnel and saw some fun stuff.
> > 
> > Kevin
> > 
> > 
> > -- 
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> 
> I will try this tomorrow and capture the results. I have done this but
> haven't had time to document everything. Thanks. 
> 
> I did try replacing localhost with the IP address of the computer but,
> if memory serves, nothing happens (no message, no connection). I also
> turned off portsentry but it did not fix things.
> 
> I'm going to use my F8 laptop to replace the server temporarily and see
> if it works with the laptop.
> 
> Rick B.
> 

I hooked up my laptop to the network and was able to create the reverse
tunnel using the steps I'd shown. So it's not the network. Something on
the server is set differently. I'm not sure I can take any more time to
figure it out given I'm planning on upgrading the server from F8 to F9.

Thanks for everyone's help in trying to figure it out.

Rick B.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
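
An added example, not part of the original messages, that extends the `netstat -an | grep 2022` check in the thread: it reports which address the forwarded port is bound to, because sshd binds `-R` listeners to loopback only unless its `GatewayPorts` option is enabled, so a connection to the eth0 address would not reach such a listener. The netstat lines and the function name `tunnel_bind_scope` are constructed for illustration.

```shell
#!/bin/sh
# Classify where a forwarded TCP port is listening, from `netstat -an` output on stdin.
# Prints: not-listening | loopback-only | specific-address | all-interfaces
tunnel_bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")   # field 4 is the local address; port follows the last ":"
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*") wide = 1
            else other = 1
        }
        END {
            if (wide) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample: sshd default, the -R listener is on loopback only.
sample_loopback() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2022          0.0.0.0:*               LISTEN
tcp        0      0 ::1:2022                :::*                    LISTEN
tcp        0      0 127.0.0.1:2022          127.0.0.1:40112         ESTABLISHED
EOF
}

# Constructed sample: listener exposed on every interface (GatewayPorts enabled).
sample_wildcard() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:2022            0.0.0.0:*               LISTEN
tcp        0      0 :::2022                 :::*                    LISTEN
EOF
}

# Demonstration on the constructed samples.
for s in sample_loopback sample_wildcard; do
    printf '%s: %s\n' "$s" "$($s | tunnel_bind_scope 2022)"
done
```

On home.computer, `netstat -an | tunnel_bind_scope 2022` gives the live answer while the tunnel is up; `all-interfaces` means any host that can reach home.computer on port 2022 is forwarded to the work server's sshd.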