09-11-2008
ssh port forward over three server
Hello there,
I have a big problem, and I hope somebody can help me. I try to realize a port forward over three server. Here is a picture...
Client Server1 | Server2
------- ------- | -------
|...... | |...... | | |...... |
|...... | |...... | | |...... |
|...... | |...... | | |...... |
|...... | |...... | | |...... |
------- ------- | -------
Server2 is behind a firewall. Server1 is able to connect via ssh to server2.
The Client is able to connect via ssh to Server1.
From Server1 I can make a port forward like this.
Server1> ssh -L 1111:server2:2222 server2
This works fine.
But I want to connect the Port 1111 from the Client.
Client> ssh -L 1111:server1:1111 server1
This did not help.
What is wrong?
All the servers are UNIX servers.
Many thanks for your help!
10 More Discussions You Might Find Interesting
1. IP Networking
Hi Linux/Unix Guru,
I am setting Linux Hopping Station to another different servers.
My current config to connect to another servers is using different port to connect.
e.g
ssh -D 1080 -p 22 username@server1.com
ssh -D 1081 -p 22 username@server2.com
Now what I would like to have... (3 Replies)
Discussion started by: regmaster
3 Replies
2. IP Networking
Hi,
Is there anyone know how to make port forward? And also, how to set up DYNDNS with router? (1 Reply)
Discussion started by: eel
1 Replies
3. IP Networking
Hey foks
my problem looks like this:
Computer 1 has two network interfaces (A and B). It's connected to computer 2 via ssh using network interface A. kann I forward network interface B to computer 2, so it shows up for example in ifconfig on computer 2? how? should i use something else than... (1 Reply)
Discussion started by: smf15
1 Replies
4. IP Networking
What I want to do is to connect to a server A (connected to a public IP) and forward the FTP connexion to server B (Connected to another public IP).
CLIENT ==>Debian SERVER A===> Debian SERVER B with ProFTPD
Passive FTP uses two ports, 21 that carries the commands and any port from about... (5 Replies)
Discussion started by: PatriceVigier
5 Replies
5. Cybersecurity
Hi Guys,
My certificate in /etc/ssh is different to what is on port 22.
username@server:~$ ssh-keyscan -p 22 127.0.0.1 > /tmp/rsa.tmp
# 127.0.0.1 SSH-1.99-OpenSSH_33.33
username@server:~$ ssh-keygen -lf /tmp/rsa.tmp
1024 46:something..................... 127.0.0.1... (0 Replies)
Discussion started by: mu100
0 Replies
6. UNIX for Dummies Questions & Answers
Hi Guys,
My certificate in /etc/ssh is different to what is on port 22.
username@server:~$ ssh-keyscan -p 22 127.0.0.1 > /tmp/rsa.tmp
# 127.0.0.1 SSH-1.99-OpenSSH_33.33
username@server:~$ ssh-keygen -lf /tmp/rsa.tmp
1024 46:something..................... 127.0.0.1... (0 Replies)
Discussion started by: mu100
0 Replies
7. Ubuntu
Hi,
I am new to linux stuff. I want to use linux iptables to configure rule so that all my incoming traffic with protocol "tcp" is forwarded to the "FORWARD CHAIN". The traffic i am dealing with has destination addresss of my machine but i want to block it from coming to input chain and somehow... (0 Replies)
Discussion started by: arsipk
0 Replies
8. UNIX for Advanced & Expert Users
I've been going crazy trying to get this working. Here's the situation: we have a Solaris 10 box that connects an internal network to an external network. We're using ipf/ipnat on it. We've added a couple of new boxes to the internal network (192.168.1.100, .101) and want to be able to get to port... (1 Reply)
Discussion started by: spakov
1 Replies
9. Debian
Hello, the Nat and the forward worked on my debian server up to the reboot of machines.
The following rules*:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070
/sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d... (0 Replies)
Discussion started by: titoms
0 Replies
10. Red Hat
Hi all,
I can't port forward from WAN to VPN Client. VPN Client Ubuntu 18 192.168.0.16 Port 6000
VPN Gateway for LAN clients Centos 192.168.0.12
Router 192.168.0.1
I can forward to the VPN Client if VPN is not connected if I forward Port 6000 from 192.168.0.1 directly to 192.168.0.16.... (2 Replies)
Discussion started by: stinkefisch
2 Replies
LEARN ABOUT DEBIAN
connect-proxy
CONNECT-PROXY(1) General Commands Manual CONNECT-PROXY(1)
NAME
connect-proxy -- connect over SOCKS4/5 proxy
SYNOPSIS
connect-proxy [-dnhst45] [-R resolve ] [-p local-port ] [-w secs ] [-H [user@]proxy-server[:port]] ] [-S [user@]socks-server[:port]] ]
[-T proxy-server[:port] ] [-c telnet-proxy-command ] [host] [port]
DESCRIPTION
connect-proxy open connection over SOCKS4/5 proxies
Please, note that any HTTP-Proxy tunnel won't work with content-inspection firewall (unless using SSL).
OPTIONS
-H specifies a hostname and port number of the http proxy server to relay. If port is omitted, 80 is used. You can specify this
value in the environment variable HTTP_PROXY and pass the -h option to use it.
-S specifies the hostname and port number of the SOCKS server to relay. Like -H, port number can be omitted and the default is
1080. You can also specify this value pair in the environment variable SOCKS5_SERVER and give the -s option to use it.
-4 specifies SOCKS relaying and indicates protocol version to use. It is valid only when used with '-s' or '-S'. Default is '-5'
(protocol version 5)
-R method to resolve the hostname. Three keywords ("local", "remote", "both") or dot-notation IP address are acceptable. The key-
word "both" means, "Try local first, then remote". If a dot-notation IP address is specified, use this host as nameserver. The
default is "remote" for SOCKS5 or "local" for others. On SOCKS4 protocol, remote resolving method ("remote" and "both") requires
protocol 4a supported server.
-p will forward a local TCP port instead of using the standard input and output.
-P same to '-p' except keep remote session. The program repeats waiting the port with holding remote session without disconnecting.
To connect the remote session, send EOF to stdin or kill the program.
-w timeout in seconds for making connection with TARGET host.
-d used for debug. If you fail to connect, use this and check request to and response from server.
USAGE
To use proxy, this example is for SOCKS5 connection to connect to "host" at port 25 via SOCKS5 server on "firewall" host.
connect-proxy -S firewall host 25
SOCKS5_SERVER=firewall; export SOCKS5_SERVER; connect-proxy -s host 25
For a HTTP-PROXY connection:
connect-proxy -H proxy-server:8080 host 25
HTTP_PROXY=proxy-server:8080; export HTTP_PROXY; connect-proxy -h host 25
To forward a local port, for example to use ssh:
connect-proxy -p 5550 -H proxy-server:8080 host 22 ssh -l user
To use it along ssh transparently:
# file://~/.ssh/config
# not using proxy on lan
Host 192.*
ProxyCommand connect-proxy %h %p
# mandatory to access the internet
Host *
ProxyCommand connect-proxy -H proxyserver:8080 %h %p
Or for all users ( /etc/ssh/ssh_config )
ENVIRONMENT
SOCKS5_USER, SOCKS5_PASSWORD, HTTP_PROXY_USER, HTTP_PROXY_PASSWORD, CONNECT_PASSWORD, LOGNAME, USER
SEE ALSO
ssh (1).
WWW
http://www.meadowy.org/~gotoh/projects/connect
AUTHOR
This manual page was written by Philippe Coval rzr@gna.org for the Debian system (but may be used by others). Permission is granted to
copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 any later version published by
the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.
CONNECT-PROXY(1)