Secure Shell
bind_address ignored? Aug 12 2010 08:42PM
Jon (jonathan88 gmail com)
I must be doing something wrong or the server seems to ignore my bind request.

Port forwarding is working; it just binds to all IPs and ignores my bind
request. I've also tried this with an RFC 1918 address as opposed to a
loopback and had the same results.

Google and the archive haven't helped.

Thanks in advance for your time and consideration.

-server-
uname -a
Linux example.com 2.6.18-128.7.1.el5xen #1 SMP Mon Aug 24 10:08:55 EDT 2009 i686 i686 i386 GNU/Linux
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

-sshd_config-
AllowTcpForwarding yes
GatewayPorts yes

-from other system-
ssh -R 127.0.0.10:12491:127.0.0.1:5000 foo@example.com

-messages-
Aug 12 16:22:45 xxx sshd[1440]: debug1: server_input_global_request: tcpip-forward listen 127.0.0.10 port 12491
Aug 12 16:22:45 xxx sshd[1440]: debug1: Local forwarding listening on :: port 12491.
Aug 12 16:22:45 xxx sshd[1440]: debug1: channel 0: new [port listener]
Aug 12 16:22:45 xxx sshd[1440]: debug1: Local forwarding listening on 0.0.0.0 port 12491.
Aug 12 16:22:45 xxx sshd[1440]: error: bind: Address already in use

-check-
netstat -an | grep 12491
tcp 0 0 :::12491 :::* LISTEN

Okay, that didn't work; let's see if "GatewayPorts" is related.

-sshd_config-
AllowTcpForwarding yes
GatewayPorts no

-from other system-
ssh -R 127.0.0.10:12491:127.0.0.1:5000 foo@example.com

-messages-
Aug 12 16:25:26 xxx sshd[1578]: debug1: Local forwarding listening on 127.0.0.1 port 12491.
Aug 12 16:25:26 xxx sshd[1578]: debug1: channel 0: new [port listener]
Aug 12 16:25:26 xxx sshd[1578]: debug1: Local forwarding listening on ::1 port 12491.

-check-
netstat -an | grep 12491
tcp 0 0 127.0.0.1:12491 0.0.0.0:* LISTEN
tcp 0 0 ::1:12491 :::* LISTEN

-networking-
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.xxx Mask:255.255.252.0
inet6 addr: fe80::216:3eff:fe6b:1e1d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33160 errors:0 dropped:0 overruns:0 frame:0
TX packets:1240 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2158440 (2.0 MiB) TX bytes:228786 (223.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:124 errors:0 dropped:0 overruns:0 frame:0
TX packets:124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11631 (11.3 KiB) TX bytes:11631 (11.3 KiB)

lo:1 Link encap:Local Loopback
inet addr:127.0.0.10 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1

-check-
ping 127.0.0.10
PING 127.0.0.10 (127.0.0.10) 56(84) bytes of data.
64 bytes from 127.0.0.10: icmp_seq=1 ttl=64 time=0.025 ms

-check-
ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms

-from man-
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client. By default, sshd binds remote port
forwardings to the loopback address. This prevents other remote hosts
from connecting to forwarded ports. GatewayPorts can be used to specify
that sshd should allow remote port forwardings to bind to non-loopback
addresses, thus allowing other hosts to connect. The argument may be
"no" to force remote port forwardings to be available to the local host
only, "yes" to force remote port forwardings to bind to the wildcard
address, or "clientspecified" to allow the client to select the address
to which the forwarding is bound. The default is "no".

[ reply ]
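
As an added example (not part of the original post and not OpenSSH code): a Python sketch that maps the GatewayPorts value, as described in the man page text quoted above, to the address sshd is expected to bind for a remote forward, and flags wildcard listeners in `netstat -an` output. The function names and the sample inputs are assumptions constructed from the values in the post; treating an empty or `*` bind address as the wildcard follows ssh(1).

```python
import re

LOOPBACK = ["127.0.0.1", "::1"]
WILDCARD = ["0.0.0.0", "::"]

def gateway_ports(config_text):
    """Global GatewayPorts value; sshd keeps the first value it reads, default "no"."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":  # stop at conditional blocks
            break
        if parts[0].lower() == "gatewayports" and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return "no"

def expected_listeners(mode, requested=None):
    """Addresses a remote forward should bind to, per the man page text."""
    if mode == "no":
        return LOOPBACK            # client bind_address is ignored
    if mode == "yes":
        return WILDCARD            # forced wildcard, bind_address is ignored
    if mode == "clientspecified":
        if requested is None:
            return LOOPBACK
        return WILDCARD if requested in ("", "*") else [requested]
    raise ValueError("unknown GatewayPorts value: %r" % mode)

def wildcard_listeners(netstat_text, port):
    """Local address fields of LISTEN sockets on `port` bound to a wildcard."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[-1] == "LISTEN":
            addr, _, p = f[3].rpartition(":")
            if p == str(port) and addr in WILDCARD:
                hits.append(f[3])
    return hits

# Constructed sample input, built from the values shown in the post.
SAMPLE_CONFIG = "AllowTcpForwarding yes\nGatewayPorts yes\n"
SAMPLE_NETSTAT = "tcp 0 0 :::12491 :::* LISTEN\n"

if __name__ == "__main__":
    mode = gateway_ports(SAMPLE_CONFIG)
    print(mode, expected_listeners(mode, "127.0.0.10"))
    print("exposed:", wildcard_listeners(SAMPLE_NETSTAT, 12491))
```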


 

Copyright 2010, SecurityFocus