Secure Shell
Reverse port forwarding (-R) seems not working Nov 10 2009 10:17PM Vincenzo Romano (Vincenzo Romano notorand it) (3 replies)
Re: Reverse port forwarding (-R) seems not working Nov 11 2009 01:10PM Greg Wooledge (wooledg eeg ccf org)
Re: Reverse port forwarding (-R) seems not working Nov 11 2009 04:40AM Darren Tucker (dtucker zip com au) (2 replies)
Re: Reverse port forwarding (-R) seems not working Nov 11 2009 05:49AM Vincenzo Romano (Vincenzo Romano notorand it)
Re: Reverse port forwarding (-R) seems not working Nov 11 2009 03:38AM Joseph Spenner (joseph85750 yahoo com)
If I enable GatewayPorts in sshd_config (not ssh_config), then
no RPF works anymore on the dummy interfaces or the loopback.
They all fail with:

Warning: remote port forwarding failed for listen port 139

even though there's no process listening on that interface and that port.
The client is:
OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006
The server is:
OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
and I won't be able to update them.
What could be the next hint?
Thanks.
2009/11/11 Darren Tucker <dtucker (at) zip.com (dot) au>:
> Vincenzo Romano wrote:
>>
>> Hi all.
>> I need to create a number of different reverse port forwardings (RPF)
>> with the -R option.
>> On the remote system I have set up a number of different dummy local
>> interfaces (dummy0=127.0.1.1 to dummy9=127.0.1.10).
>> A single RPF should look like this:
>>
>> ssh -N -n -R 127.0.1.1:139:somelocalhost:139 user@remotehost.net
>>
>> (it's actually for SAMBA printers reachability).
>> What happens instead is that, upon ssh connection on the remotehost I
>> see a listening socket on the interface 127.0.0.1!
>> That's the lo (loopback) and not the dummy0.
>> In an attempt to troubleshoot this problem I've changed the sshd
>> configuration in order to have it listening on every single interface
>> (as opposed to the default "one catches them all" setup). No luck.
>
> If you're using OpenSSH then you need to set "GatewayPorts clientspecified"
> in sshd_config and restart sshd. If your sshd doesn't understand
> "clientspecified" then it also doesn't have the code to handle this case and
> you'll need a newer version.
>
> quoth ssh_config(5):
>
>     GatewayPorts
>             Specifies whether remote hosts are allowed to connect
>             to ports forwarded for the client. By default, sshd(8)
>             binds remote port forwardings to the loopback address.
>             This prevents other remote hosts from connecting to
>             forwarded ports. GatewayPorts can be used to specify
>             that sshd should allow remote port forwardings to bind
>             to non-loopback addresses, thus allowing other hosts to
>             connect. The argument may be "no" to force remote port
>             forwardings to be available to the local host only,
>             "yes" to force remote port forwardings to bind to the
>             wildcard address, or "clientspecified" to allow the
>             client to select the address to which the forwarding is
>             bound. The default is "no".
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
--
Vincenzo Romano
NotOrAnd Information Technologies
cel. +39 339 8083886 | gtalk. vr (at) notorand (dot) it
fix. +39 0823 454163 | skype. notorand.it
fax. +39 02 700506964 | msn. notorand.it
--
NON QVIETIS MARIBVS NAVTA PERITVS
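
Added example (not part of the thread and not OpenSSH code): a simplified Python model of the GatewayPorts rules in the man page text quoted above, predicting where sshd will place the listener for the -R forwarding from the first post under each setting. The config fragments are constructed, the function names are hypothetical, and only the global (pre-Match) section and IPv4 addresses are modelled.

```python
import ipaddress

# Constructed sshd_config fragments for illustration (not from the thread).
CFG_DEFAULT = "Port 22\n# GatewayPorts yes\n"
CFG_YES = "gatewayports yes\nGatewayPorts clientspecified\n"
CFG_CLIENT = "Port 22\nGatewayPorts clientspecified\n"


def gateway_ports(config_text):
    """Global GatewayPorts value; the first value obtained for a keyword wins."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # only the global section is modelled
        if parts[0].lower() == "gatewayports" and len(parts) > 1:
            return parts[1]
    return "no"  # documented default


def parse_remote_forward(spec):
    """Split '[bind_address:]port:host:hostport' (IPv4 or hostnames only)."""
    fields = spec.split(":")
    if len(fields) == 3:
        return None, int(fields[0])
    if len(fields) == 4:
        return fields[0], int(fields[1])
    raise ValueError("unsupported -R spec: " + spec)


def predicted_listener(config_text, spec):
    """Return (address, port, exposed) for the listener sshd should create."""
    mode = gateway_ports(config_text)
    bind, port = parse_remote_forward(spec)
    if mode == "no":
        addr = "127.0.0.1"  # client-supplied bind address is ignored
    elif mode == "yes":
        addr = "0.0.0.0"  # forced to the wildcard address
    elif bind in ("", "*"):
        addr = "0.0.0.0"  # clientspecified: client asked for all interfaces
    elif bind in (None, "localhost"):
        addr = "127.0.0.1"
    else:
        addr = bind  # clientspecified: the requested address is honoured
    try:
        exposed = not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        exposed = True  # unresolved hostname: assume reachable
    return addr, port, exposed
```

The `exposed` flag marks listeners that hosts other than the server itself can reach, which is the case to look for when auditing a server with `GatewayPorts yes`.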