Vincenzo Romano wrote:
Hi all. I need to create a number of different reverse port forwardings (RPF) with the -R option. On the remote system I have set up a number of different dummy local interfaces (dummy0=127.0.1.1 to dummy9=127.0.1.10). A single RPF should look like this: ssh -N -n -R 127.0.1.1:139:somelocalhost:139 user@xxxxxxxxxxxxxx (it's actually for SAMBA printers reachability). What happens instead is that, upon ssh connection, on the remote host I see a listening socket on the interface 127.0.0.1! That's the lo (loopback) and not the dummy0. In an attempt to troubleshoot this problem I've changed the sshd configuration in order to have it listening on every single interface (as opposed to the default "one catches them all" setup). No luck.
If you're using OpenSSH then you need to set "GatewayPorts clientspecified" in sshd_config and restart sshd. If your sshd doesn't understand "clientspecified" then it also doesn't have the code to handle this case and you'll need a newer version.
quoth ssh_config(5):

GatewayPorts
        Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be "no" to force remote port forwardings to be available to the local host only, "yes" to force remote port forwardings to bind to the wildcard address, or "clientspecified" to allow the client to select the address to which the forwarding is bound. The default is "no".

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
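The three GatewayPorts settings quoted above, modelled as an added Python example (not part of the original thread and not OpenSSH code), to show where the listener for a given -R spec ends up. It assumes only the global section of sshd_config is considered and that a spec without a bind address lands on loopback, as ssh(1) documents; the function names and the sample config text are constructed for illustration.

```python
# Added example: a model of the GatewayPorts rules, not OpenSSH's own code.
LOOPBACK, WILDCARD = "loopback", "wildcard"

def effective_gateway_ports(sshd_config_text):
    """Return the global GatewayPorts value; sshd keeps the first value it reads."""
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # assumption: Match overrides ignored
            break
        if keyword == "gatewayports" and len(parts) > 1:
            return parts[1]
    return "no"                             # default per the man page text

def requested_bind(spec):
    """Split '[bind_address:]port:host:hostport'; None means no bind address."""
    fields = spec.split(":")
    if len(fields) == 3:
        return None
    if len(fields) == 4:
        return fields[0]
    raise ValueError("unsupported -R spec (IPv6 and port-only forms not modelled)")

def listen_address(spec, gateway_ports):
    """Where sshd binds the remote listener for this spec and setting."""
    bind = requested_bind(spec)
    if gateway_ports == "no":
        return LOOPBACK                     # client's bind address is ignored
    if gateway_ports == "yes":
        return WILDCARD                     # reachable from every interface
    if gateway_ports == "clientspecified":
        if bind is None:
            return LOOPBACK
        return WILDCARD if bind in ("", "*") else bind
    raise ValueError("unknown GatewayPorts value: %r" % gateway_ports)

if __name__ == "__main__":
    spec = "127.0.1.1:139:somelocalhost:139"    # the forwarding from the question
    sample = "#GatewayPorts no\nGatewayPorts clientspecified\n"  # constructed config
    for value in ("no", "yes", effective_gateway_ports(sample)):
        print("GatewayPorts %-15s -> %s" % (value, listen_address(spec, value)))
```

With "yes" the listener is reachable by every host that can route to the server, so "clientspecified" with an explicit 127.0.1.x bind address keeps the exposure closest to what the question asks for.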