Re: Reverse port forwarding (-R) seems not working

Great!
Isn't mine a FAQ?
Thanks.

2009/11/11 Darren Tucker <dtucker@xxxxxxxxxx>:
> Vincenzo Romano wrote:
>>
>> Hi all.
>> I need to create a number of different reverse port forwarding (RPF)
>> with the -R option.
>> On the remote system I have set up a number of different dummy local
>> interfaces (dummy0=127.0.1.1 to dummy9=127.0.1.10).
>> A single RPF should look like this:
>>
>> ssh -N -n -R 127.0.1.1:139:somelocalhost:139 user@xxxxxxxxxxxxxx
>>
>> (it's actually for SAMBA printers reachability).
>> What happens instead is that, upon ssh connection on the remotehost I
>> see a listening socket on the interface 127.0.0.1!
>> That's the lo (loopback) and not the dummy0.
>> In an attempt to troubleshoot this problem I've changed the sshd
>> configuration in order to have it listening on every single interface
>> (as opposed to the default "one catches them all" setup). No luck.
>
> If you're using OpenSSH then you need to set "GatewayPorts clientspecified"
> in sshd_config and restart sshd.  If your sshd doesn't understand
> "clientspecified" then it also doesn't have the code to handle this case and
> you'll need a newer version.
>
> quoth ssh_config(5):
>
>     GatewayPorts
>             Specifies whether remote hosts are allowed to
>             connect to ports forwarded for the client.  By
>             default, sshd(8) binds remote port forwardings to
>             the loopback address.  This prevents other remote
>             hosts from connecting to forwarded ports.
>             GatewayPorts can be used to specify that sshd
>             should allow remote port forwardings to bind to
>             non-loopback addresses, thus allowing other hosts
>             to connect.  The argument may be "no" to force
>             remote port forwardings to be available to the
>             local host only, "yes" to force remote port
>             forwardings to bind to the wildcard address, or
>             "clientspecified" to allow the client to select the
>             address to which the forwarding is bound.  The
>             default is "no".
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>



-- 
Vincenzo Romano
NotOrAnd Information Technologies
cel. +39 339 8083886  | gtalk. vr@xxxxxxxxxxx
fix. +39 0823 454163  | skype. notorand.it
fax. +39 02 700506964 | msn.   notorand.it
--
NON QVIETIS MARIBVS NAVTA PERITVS
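
The GatewayPorts behaviour quoted in the thread, as an added example that is not part of the original messages or of OpenSSH: a small shell check that works out where sshd should bind a -R forwarding for a given GatewayPorts value and compares that with the listeners reported by `ss -ltn`. The function names and the sample `ss` output are constructed for illustration; it assumes IPv4 only and that a -R without a bind_address is passed as "localhost".

```shell
#!/bin/sh
# expected_bind MODE REQUESTED
#   MODE      server-side GatewayPorts value (e.g. as shown by `sshd -T`)
#   REQUESTED bind_address from -R; use "localhost" when -R had none
expected_bind() {
    case "$1" in
        no)  echo 127.0.0.1 ;;      # forced to loopback
        yes) echo 0.0.0.0 ;;        # forced to wildcard
        clientspecified)
            case "$2" in
                localhost) echo 127.0.0.1 ;;
                '*')       echo 0.0.0.0 ;;
                *)         echo "$2" ;;
            esac ;;
        *) echo "unknown GatewayPorts value: $1" >&2; return 2 ;;
    esac
}

# audit_forward MODE REQUESTED PORT   (reads `ss -ltn` output on stdin)
# Prints ok | missing | mismatch:<addr>, plus " exposed" for a wildcard listener.
audit_forward() {
    want=$(expected_bind "$1" "$2") || return 2
    awk -v want="$want" -v port="$3" '
        $1 == "LISTEN" {
            n = split($4, p, ":")   # column 4 is Local Address:Port
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            if (addr == "*") addr = "0.0.0.0"
            found[addr] = 1; any = 1
        }
        END {
            if (!any) { print "missing"; exit }
            if (want in found) { res = "ok" } else { for (a in found) { res = "mismatch:" a; break } }
            if ("0.0.0.0" in found) res = res " exposed"
            print res
        }'
}

# Constructed `ss -ltn` output reproducing the symptom described in the thread.
sample_ss() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:139       0.0.0.0:*
EOF
}

sample_ss | audit_forward clientspecified 127.0.1.1 139   # mismatch:127.0.0.1
```

On a real host, pipe `ss -ltn` into `audit_forward` in place of `sample_ss`; an "exposed" result means the forwarded port is reachable from other hosts, which is what the default "no" is there to prevent.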

