Remote port tunnel only listens for local requests not internet


Tom Atkinson

Feb 8, 2013, 12:06:20 AM
to connectb...@googlegroups.com

Hi Shai,
cheers, I purchased your program but it does not seem to allow me to run the equivalent of this ssh command:

ssh -R *:12511:10.0.0.69:2511 pi@pi

Note the *: in the command? This opens the port to anyone. Yours is only available to 127.0.0.1 (see my netstat output below).

The idea is to forward port 2511 on the android phone out to 12511 on the linux box.

My port forward setting in your program is:

R2511=localhost:12511

But this only works locally on the linux box - I need it open to the world.

When I use a proper ssh client with * in the command I get a listening socket for all IP addresses via the 0.0.0.0 address:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:12511         0.0.0.0:*               LISTEN  

But when I create the tunnel with your program on the android I get only the local one, 127.0.0.1:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:12511         0.0.0.0:*               LISTEN  

I can't connect from other machines to the server, which is kinda the point of my plan.

Shai Ayal

Feb 8, 2013, 12:37:58 AM
to connectb...@googlegroups.com, t...@funk.co.nz
Hi Tom,

I will investigate. With your permission, I'd like to move this from the connectbot mailing list. Can you open an issue in the SPT page so that we have some documentation?

Thanks,
Shai


--
You received this message because you are subscribed to the Google Groups "ConnectBot Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to connectbot-use...@googlegroups.com.
To post to this group, send email to connectb...@googlegroups.com.
Visit this group at http://groups.google.com/group/connectbot-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

--
SPT - persistent SSH tunnels for android.

l00g33k

Feb 8, 2013, 1:15:39 AM
to connectb...@googlegroups.com, Tom Atkinson
I think it is a function of the ssh server, and not the client, which the ConnectBot is. From my phone I can connect to my home server running dropbear ssh server and the reverse forward allows Google Maps to pickup .kml file on my phone, proving that reverse forward works.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Shai Ayal

Feb 8, 2013, 1:23:04 AM
to connectb...@googlegroups.com
You are correct that the ssh server has to allow this, but it is the responsibility of the client to request it. By default it should only bind to the local interface on the server, for security reasons.
Anyway, Tom was referring to SSH Persistent Tunnels (SPT), not connectbot, which is why I asked him to move this conversation to the SPT issue page.

Shai


l00g33k

Feb 8, 2013, 2:53:24 AM
to connectb...@googlegroups.com, Shai Ayal
I learned something. Thanks.

Shai Ayal

Feb 8, 2013, 8:25:50 AM
to l00g33k, connectb...@googlegroups.com
Actually, let me correct myself:
In the OpenSSH server, this is controlled by the GatewayPorts directive:
GatewayPorts: Specifies whether remote hosts are allowed to connect to ports forwarded for the client.  By default, sshd(8) binds remote port forwardings to the loopback address.  This prevents other remote hosts from connecting to forwarded ports.  GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect.  The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound.  The default is “no”.

So, it is possible for the server to determine this (values of "yes" or "no") or the client (value of "clientspecified").

Shai
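
The GatewayPorts rule quoted above, applied to the two netstat listings in Tom's first message, as an added example in POSIX shell. This is not code from the thread, from SPT or from OpenSSH; the functions effective_bind, gateway_ports_setting, listen_addr_for_port and forward_exposed are hypothetical helpers written for this example, and the sshd_config fragment is constructed. The model covers only the three documented values and only top-level directives (no Match blocks), and treats a request with no bind address (ssh -R 12511:10.0.0.69:2511) as "none given".

```shell
#!/bin/sh
# Added example, not code from the thread, from SPT or from OpenSSH.
# Models the sshd_config(5) GatewayPorts rule as a function, reads the
# effective setting from an sshd_config fragment, and audits a netstat/ss
# listing for the address a remote forward was actually bound to.

# effective_bind GATEWAYPORTS REQUESTED
#   GATEWAYPORTS is the server setting: no | yes | clientspecified.
#   REQUESTED is the bind address the client put in its -R request;
#   use "-" when the client gave none (ssh -R 12511:10.0.0.69:2511).
#   Prints the address sshd listens on: 127.0.0.1 (loopback only),
#   0.0.0.0 (wildcard, reachable from other hosts) or the requested one.
effective_bind() {
    gw=$1; req=$2
    case "$gw" in
        no)  echo 127.0.0.1 ;;                  # loopback, whatever the client asked
        yes) echo 0.0.0.0 ;;                    # wildcard, whatever the client asked
        clientspecified)
            case "$req" in
                -|localhost|127.0.0.1) echo 127.0.0.1 ;;  # none given, or loopback
                '*'|'') echo 0.0.0.0 ;;                   # "*" on the ssh command line
                *) echo "$req" ;;                         # a specific local address
            esac ;;
        *) echo "unknown GatewayPorts value: $gw" >&2; return 2 ;;
    esac
}

# gateway_ports_setting < sshd_config
#   sshd uses the first occurrence of a keyword; the default is "no".
#   Only top-level directives are considered (Match blocks are ignored here).
gateway_ports_setting() {
    val=$(awk 'tolower($1) == "gatewayports" { print tolower($2); exit }')
    echo "${val:-no}"
}

# listen_addr_for_port PORT < output of "netstat -tln" or "ss -ltn"
#   Prints the local address of the LISTEN socket on PORT (column 4 in both
#   tools), or nothing when no socket listens on it.
listen_addr_for_port() {
    awk -v p="$1" '($1 == "LISTEN" || $NF == "LISTEN") && match($4, ":" p "$") {
        print substr($4, 1, RSTART - 1); exit
    }'
}

# forward_exposed PORT < listing
#   Exit 0 when the listener is reachable from other hosts (non-loopback),
#   1 when it is loopback-only, 2 when nothing listens on PORT.
forward_exposed() {
    addr=$(listen_addr_for_port "$1")
    case "$addr" in
        '')                          return 2 ;;
        127.*|'[::1]'|::1|localhost) return 1 ;;
        *)                           return 0 ;;
    esac
}

# Constructed sshd_config fragment; the commented-out line must not count.
SSHD_CONFIG='Port 22
#GatewayPorts yes
GatewayPorts clientspecified
PermitRootLogin no'

# The two listings Tom posted: ssh -R "*:12511:..." versus the SPT tunnel.
NETSTAT_OPEN='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:12511         0.0.0.0:*               LISTEN'
NETSTAT_LOCAL='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:12511         0.0.0.0:*               LISTEN'

setting=$(printf '%s\n' "$SSHD_CONFIG" | gateway_ports_setting)
echo "server GatewayPorts: $setting"
echo "ssh -R '*:12511:10.0.0.69:2511'  -> $(effective_bind "$setting" '*')"
echo "ssh -R 12511:10.0.0.69:2511      -> $(effective_bind "$setting" -)"
for listing in "$NETSTAT_OPEN" "$NETSTAT_LOCAL"; do
    printf '%s\n' "$listing" | forward_exposed 12511 \
        && echo "port 12511: reachable from other hosts" \
        || echo "port 12511: loopback only, or not listening"
done
```

Tom's two listings come from the same sshd: ssh -R with * got 0.0.0.0 and SPT got 127.0.0.1, which only happens when the server is at clientspecified and the two clients asked for different bind addresses; with GatewayPorts yes both would have been 0.0.0.0, with no both 127.0.0.1. Two practical notes: quote the star (ssh -R '*:12511:10.0.0.69:2511') so the shell cannot glob it, and prefer clientspecified over yes on a multi-user server, since yes turns every user's remote forward into a network-reachable listener.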

l00g33k

Feb 8, 2013, 10:55:37 AM
to Shai Ayal, connectb...@googlegroups.com
Ah, and I now recall PuTTY has such a checkbox, and I guess ConnectBot automatically allows it since I don't see a setting for it. Thanks.