
remote port forwarding is not reachable for != localhost


maik

Oct 6, 2009, 8:42:49 AM
For this problem I didn't find any hints in several newsgroups:

A client C1 connects through SSH to a server with a tunnel
configuration “ssh -R:6000:localhost:4500 {server ip}” :
On the server the port 6000 forwards to the client C1 on port 4500.

Background: The port 6000 on the server has to forward a stream to the
client on port 4500. So far so good!

Problem: The port 6000 on the server is only reachable locally! This
port is not reachable from a (e.g.) client C2 or Cn from another
host.
If I'm local on the server, and test a “telnet localhost 6000” the
port forwarding works fine. If I connect from a client C2 with “telnet
{server ip} 6000” it doesn't work!

I checked if there is a firewall, but there is not. I can reproduce this
case on a current SUSE Linux, as well as on Darwin UNIX from my MacBook.

I can bypass that problem with another ssh session: After the first
ssh connect (C1 to server) I connect again within the current session
with
“ssh -g -L6001:localhost:6000 localhost”. Then the port “6001” is
reachable from “outside”, e.g. from client C2.

The parameter “-g” says “Allows remote hosts to connect to local
forwarded ports.” But that does not work for the first connect above (C1
connects to server). It works only within a ssh session on the
destination server.

As I said, I can reproduce that on SUSE Linux as well as on Darwin OSX.
The bypass with the second ssh connection solves the problem, BUT I
don't like it cause it's a second ssh session. I would like to open the
remote port on the server also for other hosts with one ssh connect.


I hope I described my problem well, I look forward to your hints!


Donkey Hottie

Oct 7, 2009, 8:12:51 PM
"maik" <maik.m...@gmail.com> wrote in message
news:e60f48c3-20b6-4467...@s6g2000vbp.googlegroups.com
> For this problem I didn't find any hints in several
> newsgroups:
>
> A client C1 connects through SSH to a server with a tunnel
> configuration “ssh -R:6000:localhost:4500 {server ip}” :
> On the server the port 6000 forwards to the client C1
> on port 4500.
>
> Background: The port 6000 on the server has to forward a
> stream to the client on port 4500. So far so good!
>
> Problem: The port 6000 on the server is only reachable
> locally! This port is not reachable from a (e.g.) client
> C2 or Cn from another host.

If you are using OpenSSH server, then this helps in the sshd_config:

# This allows other hosts to connect to my reverse tunnels
GatewayPorts yes
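
An added example, not part of the original posts: per sshd_config(5), `GatewayPorts yes` binds every remote forward to the wildcard address (the value `clientspecified` instead lets the client choose the bind address), so this check reads the global `GatewayPorts` value and lists sshd-owned listeners from `ss -ltnp` output that other hosts can reach. The sample config, sample `ss` output and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs for illustration (not taken from the thread).
SSHD_CONFIG = """\
# constructed sshd_config sample
Port 22
GatewayPorts yes
Match User tunnel
    GatewayPorts clientspecified
"""
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=701,fd=3))
LISTEN 0      128    127.0.0.1:6000     0.0.0.0:*         users:(("sshd",pid=912,fd=9))
LISTEN 0      128    [::1]:6000         [::]:*            users:(("sshd",pid=912,fd=8))
LISTEN 0      128    0.0.0.0:6001       0.0.0.0:*         users:(("sshd",pid=955,fd=9))
LISTEN 0      128    *:8080             *:*               users:(("httpd",pid=400,fd=4))
"""

def global_gateway_ports(config_text):
    """Global GatewayPorts value: first occurrence before any Match block wins."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        keyword = parts[0].lower()          # sshd_config keywords are case-insensitive
        if keyword == "match":
            break                           # Match blocks apply per connection, not globally
        if keyword == "gatewayports" and len(parts) > 1:
            return parts[1].lower()
    return "no"                             # OpenSSH default: loopback-only remote forwards

def exposed_forwards(ss_text, sshd_port=22):
    """Ports where sshd listens on a non-loopback address, excluding sshd's own port."""
    exposed = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN" or '"sshd"' not in line:
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and zone id
        if int(port) == sshd_port:
            continue
        if addr == "*" or not ipaddress.ip_address(addr).is_loopback:
            exposed.add(int(port))
    return sorted(exposed)

if __name__ == "__main__":
    print("GatewayPorts (global):", global_gateway_ports(SSHD_CONFIG))
    print("sshd forwards reachable from other hosts:", exposed_forwards(SS_OUTPUT))
```

On a live host, pass in the text of the server's sshd_config and the output of `ss -ltnp` run as root, so that the process column is populated.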

maik

Oct 9, 2009, 5:00:49 AM
On 8 Oct., 02:12, "Donkey Hottie" <don...@fred.pp.fi> wrote:
> "maik" <maik.mrazo...@gmail.com> wrote in message
>
> news:e60f48c3-20b6-4467...@s6g2000vbp.googlegroups.com
>
> > For this problem I didn't find any hints in several
> > newsgroups:
>
> > A client C1 connects through SSH to a server with a tunnel
> > configuration “ssh -R:6000:localhost:4500 {server ip}” :
> > On the server the port 6000 forwards to the client C1
> > on port 4500.
>
> > Background: The port 6000 on the server has to forward a
> > stream to the client on port 4500. So far so good!
>
> > Problem: The port 6000 on the server is only reachable
> > locally! This port is not reachable from a (e.g.) client
> > C2 or Cn from another host.
>
> If you are using OpenSSH server, then this helps in the sshd_config:
>
> # This allows other hosts to connect to my reverse tunnels
> GatewayPorts yes


Yes, it works with that, thanks.
Btw, also on Darwin OSX it works fine with that. So I guess with other
Linux/Unix operating systems it should work similarly.
