Problem with OpenSSH Remote Port Forwarding with Bind_address


 
# 1  
Old 03-01-2010

As in the ssh(1) man page:
-R [bind_address:]port:host:hostport
.......By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address `*', indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).


I have 3 servers with the following IPs:
testsrv1
eth0 192.168.88.134
testsrv2
eth0 192.168.88.132
eth0:0 192.168.88.139
testsrv3
eth0 192.168.88.136

Basically, I've tried the
Code:
[root@testsrv1 ~]# ssh -R 4444:testsrv3:22 root@testsrv2

GatewayPorts on the server side is no, so the listening port on testsrv2 is
Code:
[root@testsrv2 ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:745                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      127.0.0.1:4444                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.88.132:22           192.168.88.1:14268          ESTABLISHED
tcp        0      0 192.168.88.132:22           192.168.88.134:52124        ESTABLISHED
tcp        0      0 :::111                      :::*                        LISTEN


When turning GatewayPorts on on the server side and binding the connection to the IP 192.168.88.139, it gave me the following:

Code:
[root@testsrv1 ~]# ssh -o "GatewayPorts no" -R 192.168.88.139:4444:testsrv3:22 root@testsrv2
Password:
Last login: Tue Feb 16 13:50:14 2010 from 192.168.88.134
[root@testsrv2 ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:745                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:4444                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.88.132:22           192.168.88.134:50635        ESTABLISHED
tcp        0      0 192.168.88.132:22           192.168.88.1:14268          ESTABLISHED
tcp        0      0 :::111                      :::*                        LISTEN
[root@testsrv2 ~]#

From the netstat output, we can note that the connection is bound to all addresses on all interfaces. Also note that when GatewayPorts is enabled on the server, whatever the client GatewayPorts value, it will listen on the 0.0.0.0:4444 address, and that also contradicts what has been stated in the man page.

Is this a bug or is it normal behavior?
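
sshd_config(5) documents three values for the server's GatewayPorts option: no forces remote forwards onto loopback, yes forces them onto the wildcard address, and clientspecified lets the client's bind_address decide. The script below is an added example, not part of the original thread; it predicts the bind address for a -R request and compares it with netstat output. The function names and sample rows are constructed for illustration, and only IPv4 is considered.

```shell
# Added example (IPv4 view). GatewayPorts semantics as in sshd_config(5).

# expected_bind <server GatewayPorts> [client bind_address]
# Omit the second argument when -R was given without a bind_address.
expected_bind() {
    gw=$1
    if [ "$#" -ge 2 ]; then req=$2; else req=localhost; fi
    case "$gw" in
        no)  echo 127.0.0.1 ;;                 # forced to loopback
        yes) echo 0.0.0.0 ;;                   # forced to wildcard
        clientspecified)
            case "$req" in
                ''|'*')    echo 0.0.0.0 ;;     # empty or * means all interfaces
                localhost) echo 127.0.0.1 ;;
                *)         echo "$req" ;;      # client's address is honoured
            esac ;;
        *) echo "unknown GatewayPorts value: $gw" >&2; return 2 ;;
    esac
}

# listener_addrs <port>: read `netstat -ant` output on stdin and print the
# local address of every LISTEN socket on that port.
listener_addrs() {
    awk -v port="$1" '$NF == "LISTEN" {
        for (i = 1; i <= NF; i++) {
            n = split($i, part, ":")
            if (n >= 2 && part[n] == port) {
                print substr($i, 1, length($i) - length(port) - 1); break
            }
        }
    }'
}

# check_forward <GatewayPorts> <port> [bind_address], netstat output on stdin
check_forward() {
    gw=$1; port=$2; shift 2
    want=$(expected_bind "$gw" "$@") || return 2
    got=$(listener_addrs "$port")
    if [ "$got" = "$want" ]; then echo "ok: $got:$port"; return 0; fi
    echo "MISMATCH: expected $want:$port, found ${got:-none}:$port"; return 1
}

# Constructed sample: rows in the format of the thread's second netstat listing.
SAMPLE='tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:4444                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.88.132:22           192.168.88.134:50635        ESTABLISHED'

printf '%s\n' "$SAMPLE" | check_forward yes 4444 192.168.88.139 || true
printf '%s\n' "$SAMPLE" | check_forward clientspecified 4444 192.168.88.139 || true
```

On a live host, pipe `netstat -ant` into `check_forward` with the value reported by `sshd -T | grep -i gatewayports`.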
# 2  
Old 03-03-2010
Any update?? If the question is not clear, please let me know so I can clarify more.

Last edited by ahmad.zuhd; 03-07-2010 at 03:55 AM..
# 3  
Old 03-08-2010
Any update, guys...