02-27-2007
SSH Tunneling
Hi all
question -
there are 2 servers A + B. server A is connected to the internet and running a squid proxy server - server B is behind a firewall. I can ssh from A to B but not from B to A. I need internet access on B to update some files. I thought I could use some sort of ssh tunnel to achieve this.
I was thought a remote port forward from A to B. I configured this ( from server A do 'ssh -R 1234:squidproxy_ipaddress:3128 user@server_B) and got a http 403 error when doing the update on B and pointing at localport 1234 which , i thought, indicated a permissions issue on the squid proxy no problem to sort out - except i dont have permissions to do it
- the sysadmin can sort it out though
however
The sysadmin says it wont work I should be doing a local port forward on A - i configured this (ssh -L:localhost:3128 user@serverB) and got a 'connection refused error' when doing the update from server B
its not resolved yet as sysadmins unavailable but out of curiosity who is right here - these tunnels can get a bit confusing! - thoughts appreciated as always
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello,
I am within a LAN system and I need to be able to tunnel out (and recv UDP) packets.
Currently the router automatically drops UDP packets.
My PC cant see the outside world, nor ping, but it can connect via SSH to a server on the "edge" of the network which can see everything. I... (2 Replies)
Discussion started by: ErNci
2 Replies
2. Solaris
Hi,
I have tried the following:
on PC1 (win xp) I have created ssh connection with port forwarding
(local 8888 to remote 8888) to server1.
>From server1 I have created another ssh connection with port
forwarding to server2(local 8888 to remote 1521).
When I try to connect to oracle... (3 Replies)
Discussion started by: goran00
3 Replies
3. Filesystems, Disks and Memory
Hello Folks,
Im trying to pass the NFS Shared data through the SSH tunnel. Following are the Steps for my Executions:
A) Commands Executed on Server (NFS Server + SSHD Server running)
i) share -F nfs -o rw=<NFS Server IP> /home
ii) Start the NFS Server Services and SSHD Services.
... (3 Replies)
Discussion started by: ImpeccableCode
3 Replies
4. UNIX for Advanced & Expert Users
Hi - I frequently run commands, and transfer files to/from a host that uses SecurID ssh authentication. It is a real pain to have to enter the authentication information every time I want to interact with this host. I am wondering if there is a way to establish a one-time ssh connection to this... (2 Replies)
Discussion started by: cpp6f
2 Replies
5. Infrastructure Monitoring
Performing UDP tunneling through an SSH connection
Found this while looking for a way to temporarily forward SNMP requests across otherwise disconnected networks. Might be useful for someone else, too. (1 Reply)
Discussion started by: pludi
1 Replies
6. UNIX for Dummies Questions & Answers
So this seems like something that should be simple...but I can't quite seem to get it up and running. I have a machine, .107 with a GUI on port 8443. The problem is that I can't connect directly to .107 from my laptop. Now I have another machine, .69 that can connect to .107. So shouldn't I be able... (4 Replies)
Discussion started by: DeCoTwc
4 Replies
7. Shell Programming and Scripting
Is it secure to use free shells for ssh tunneling? Can the shell provider see and log the sites I visit and passwords I enter?
I'm new to this thing and couldn't find info on google :o (5 Replies)
Discussion started by: rafunk
5 Replies
8. UNIX for Advanced & Expert Users
Hi!
I came to know about SSH Tunneling to bypass the Firewall.
I will have to setup a free access SSH server to tunnel data access through PUTTY or OpenSSH.
The problem is that I don't know about any free access servers.
So, can anyone of you guide me for that, for any type of help? (1 Reply)
Discussion started by: nixhead
1 Replies
9. UNIX for Dummies Questions & Answers
I want to perform ssh tunnelling for which I have been using PuTTy. Config is as follows:
Host IP: 172.XX.XX.111Port: 22Tunnel setting source port: 19005Destination: 172.XX.XX.40:1521After entering my user ID and password, I am able to see in my command prompt that 127.0.0.1:19005 is listening.... (1 Reply)
Discussion started by: aakashsoor
1 Replies
10. Shell Programming and Scripting
I have a process running on my local server.
http://dev.techx.com:6060/proct
I wish to block port 6060 and expose port 7777 to the outside world.
I block port 6060 and open port 7777 on the firewall.
What should be the PuTTY Settings -> Connection -> SSH -> Tunnels
1. Destination ... (3 Replies)
Discussion started by: mohtashims
3 Replies
LEARN ABOUT DEBIAN
connect-proxy
CONNECT-PROXY(1) General Commands Manual CONNECT-PROXY(1)
NAME
connect-proxy -- connect over SOCKS4/5 proxy
SYNOPSIS
connect-proxy [-dnhst45] [-R resolve ] [-p local-port ] [-w secs ] [-H [user@]proxy-server[:port]] ] [-S [user@]socks-server[:port]] ]
[-T proxy-server[:port] ] [-c telnet-proxy-command ] [host] [port]
DESCRIPTION
connect-proxy open connection over SOCKS4/5 proxies
Please, note that any HTTP-Proxy tunnel won't work with content-inspection firewall (unless using SSL).
OPTIONS
-H specifies a hostname and port number of the http proxy server to relay. If port is omitted, 80 is used. You can specify this
value in the environment variable HTTP_PROXY and pass the -h option to use it.
-S specifies the hostname and port number of the SOCKS server to relay. Like -H, port number can be omitted and the default is
1080. You can also specify this value pair in the environment variable SOCKS5_SERVER and give the -s option to use it.
-4 specifies SOCKS relaying and indicates protocol version to use. It is valid only when used with '-s' or '-S'. Default is '-5'
(protocol version 5)
-R method to resolve the hostname. Three keywords ("local", "remote", "both") or dot-notation IP address are acceptable. The key-
word "both" means, "Try local first, then remote". If a dot-notation IP address is specified, use this host as nameserver. The
default is "remote" for SOCKS5 or "local" for others. On SOCKS4 protocol, remote resolving method ("remote" and "both") requires
protocol 4a supported server.
-p will forward a local TCP port instead of using the standard input and output.
-P same to '-p' except keep remote session. The program repeats waiting the port with holding remote session without disconnecting.
To connect the remote session, send EOF to stdin or kill the program.
-w timeout in seconds for making connection with TARGET host.
-d used for debug. If you fail to connect, use this and check request to and response from server.
USAGE
To use proxy, this example is for SOCKS5 connection to connect to "host" at port 25 via SOCKS5 server on "firewall" host.
connect-proxy -S firewall host 25
SOCKS5_SERVER=firewall; export SOCKS5_SERVER; connect-proxy -s host 25
For a HTTP-PROXY connection:
connect-proxy -H proxy-server:8080 host 25
HTTP_PROXY=proxy-server:8080; export HTTP_PROXY; connect-proxy -h host 25
To forward a local port, for example to use ssh:
connect-proxy -p 5550 -H proxy-server:8080 host 22 ssh -l user
To use it along ssh transparently:
# file://~/.ssh/config
# not using proxy on lan
Host 192.*
ProxyCommand connect-proxy %h %p
# mandatory to access the internet
Host *
ProxyCommand connect-proxy -H proxyserver:8080 %h %p
Or for all users ( /etc/ssh/ssh_config )
ENVIRONMENT
SOCKS5_USER, SOCKS5_PASSWORD, HTTP_PROXY_USER, HTTP_PROXY_PASSWORD, CONNECT_PASSWORD, LOGNAME, USER
SEE ALSO
ssh (1).
WWW
http://www.meadowy.org/~gotoh/projects/connect
AUTHOR
This manual page was written by Philippe Coval rzr@gna.org for the Debian system (but may be used by others). Permission is granted to
copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 any later version published by
the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.
CONNECT-PROXY(1)