It's not yet working though.
If I enable the GatewayPorts on the sshd_config (not ssh_config), then
no RPF works anymore on the dummy interfaces or the loopback.
They all fail with:

Warning: remote port forwarding failed for listen port 139

despite there's no process listening on that interface and that port.

The client is: OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006
The server is: OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005

and I won't be able to update them.
What could be the next hint?

Thanks.

2009/11/11 Darren Tucker <dtucker@xxxxxxxxxx>:
> Vincenzo Romano wrote:
>>
>> Hi all.
>> I need to create a number of different reverse port forwarding (RPF)
>> with the -R option.
>> On the remote system I have set up a number of different dummy local
>> interfaces (dummy0=127.0.1.1 to dummy9=127.0.1.10).
>> A single RPF should look like this:
>>
>> ssh -N -n -R 127.0.1.1:139:somelocalhost:139 user@xxxxxxxxxxxxxx
>>
>> (it's actually for SAMBA printers reachability).
>> What happens instead is that, upon ssh connection on the remotehost I
>> see a listening socket on the interface 127.0.0.1!
>> That's the lo (loopback) and not the dummy0.
>> In an attempt to troubleshoot this problem I've changed the sshd
>> configuration in order to have it listening on every single interface
>> (as opposed to the default "one catches them all" setup). No luck.
>
> If you're using OpenSSH then you need to set "GatewayPorts clientspecified"
> in sshd_config and restart sshd. If your sshd doesn't understand
> "clientspecified" then it also doesn't have the code to handle this case and
> you'll need a newer version.
>
> quoth ssh_config(5):
>
>      GatewayPorts
>              Specifies whether remote hosts are allowed to connect
>              to ports forwarded for the client. By default, sshd(8)
>              binds remote port forwardings to the loopback address.
>              This prevents other remote hosts from connecting to
>              forwarded ports. GatewayPorts can be used to specify
>              that sshd should allow remote port forwardings to bind
>              to non-loopback addresses, thus allowing other hosts to
>              connect. The argument may be "no" to force remote port
>              forwardings to be available to the local host only,
>              "yes" to force remote port forwardings to bind to the
>              wildcard address, or "clientspecified" to allow the
>              client to select the address to which the forwarding is
>              bound. The default is "no".
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>

--
Vincenzo Romano
NotOrAnd Information Technologies
cel. +39 339 8083886 | gtalk. vr@xxxxxxxxxxx
fix. +39 0823 454163 | skype. notorand.it
fax. +39 02 700506964 | msn. notorand.it
--
NON QVIETIS MARIBVS NAVTA PERITVS
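
Added example, not part of the original messages and not OpenSSH code: a small Python model of the GatewayPorts semantics quoted above, predicting where sshd should bind the listener for a given -R argument so the result can be compared with the sockets actually seen on the server. The function names and sample configurations are constructed for illustration; Match blocks and bracketed IPv6 addresses are not handled, and an empty or "*" bind_address is taken to mean all interfaces, as described in ssh(1).

```python
# Added example: models where sshd binds a -R listener for each GatewayPorts mode.
LOOPBACK = "loopback only"
WILDCARD = "wildcard (all interfaces)"

def effective_gateway_ports(sshd_config_text):
    """Global GatewayPorts value; sshd keeps the first value it reads."""
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":  # simplification: Match blocks are not evaluated
            break
        if keyword == "gatewayports" and len(parts) > 1:
            return parts[1].lower()
    return "no"  # default per the man page text quoted above

def requested_bind_address(r_spec):
    """Split [bind_address:]port:host:hostport (IPv6 brackets not handled)."""
    fields = r_spec.split(":")
    if len(fields) == 4:
        return fields[0]
    if len(fields) == 3:
        return None  # no bind_address given
    raise ValueError("unsupported -R specification: %r" % r_spec)

def predicted_listener(sshd_config_text, r_spec):
    """Address the server-side listening socket should be bound to."""
    mode = effective_gateway_ports(sshd_config_text)
    bind = requested_bind_address(r_spec)
    if mode == "no":
        return LOOPBACK  # client's bind_address is ignored
    if mode == "yes":
        return WILDCARD  # forced, whatever the client asked for
    if mode == "clientspecified":
        if bind is None or bind == "localhost":
            return LOOPBACK
        if bind in ("", "*"):
            return WILDCARD
        return bind
    raise ValueError("unknown GatewayPorts value: %r" % mode)

# Constructed sample configurations, not taken from the thread.
CONFIGS = {"default": "Port 22\n#GatewayPorts yes\n",
           "clientspecified": "Port 22\nGatewayPorts clientspecified\nGatewayPorts no\n",
           "yes": "GatewayPorts=yes\n"}

if __name__ == "__main__":
    for name, text in CONFIGS.items():
        print(name, "->", predicted_listener(text, "127.0.1.1:139:somelocalhost:139"))
```

With the default configuration the model returns loopback for the command in the thread, which matches the 127.0.0.1 listener originally reported; "yes" places the forwarded port on every interface, so "clientspecified" is the narrower setting when only one address should be reachable.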