Problem with OpenSSH Remote Port Forwarding with Bind_address

ahmad.zuhd · 03-04-2010, 02:38 AM

As in the ssh(1) man page:

Quote:

-R [bind_address:]port:host:hostport
.......By default, the listening socket on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address `*', indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

i have 3 servers with the following ips:
testsrv1
eth0 192.168.88.134
testsrv2
eth0 192.168.88.132
eth0:0 192.168.88.139
testsrv3
eth0 192.168.88.136

basically, i've tried the

Code:

[root@testsrv1 ~]# ssh -R 4444:testsrv3:22 root@testsrv2

the Gatewayports on the server side is no, so the listening port on testserv2 is

Code:

[root@testsrv2 ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:745                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      127.0.0.1:4444                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.88.132:22           192.168.88.1:14268          ESTABLISHED
tcp        0      0 192.168.88.132:22           192.168.88.134:52124        ESTABLISHED
tcp        0      0 :::111                      :::*                        LISTEN

When turning the Gatewayports on the server side, and binding the connection to the ip 192.168.88.139, it gave me the following:

Code:

[root@testsrv1 ~]# ssh -o "GatewayPorts no" -R 192.168.88.139:4444:testsrv3:22 root@testsrv2
Password:
Last login: Tue Feb 16 13:50:14 2010 from 192.168.88.134
[root@testsrv2 ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:745                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:4444                0.0.0.0:*                   LISTEN
tcp        0      0 192.168.88.132:22           192.168.88.134:50635        ESTABLISHED
tcp        0      0 192.168.88.132:22           192.168.88.1:14268          ESTABLISHED
tcp        0      0 :::111                      :::*                        LISTEN
[root@testsrv2 ~]#

from the netstat, we can note that the connection is bind to all addresses on all interfaces. also note that when the Gatewayports on the server is enabled, whatever the client Gatewayports value, it will listen to the 0.0.0.0:4444 address and that also contradicts with what has been stated in the man page

is this a bug or is it a normal behavior?

ahmad.zuhd · 03-07-2010, 02:01 AM

Any answer guys? if clarification is required please let me know