I run a small network with 5 desktops, 1 laptop and 2 servers.
Server Alpha is a Debian etch gateway with squid passing off the request to an upstream proxy. BIND9 installed and working etc.
Server Beta is a Debian etch fileserver with Samba.
I have an external server set up with a DynDns name as IP access is blocked, called RemoteMail, with fetchmail and courier set up and working.
The network is attached via Alpha to a school whose network is provided for by Easynet. The network is quite well locked down. I can only get DHCP and HTTP access through a proxy.
I have set up the RemoteMail box, which listens on port 443 (SSL) for SSH. Using this I can connect an SSH tunnel using corkscrew to my external server from Alpha. Not bad I thought.
I want to open a port on Alpha for POP3 and SMTP access to RemoteMail.
I have tried using
ssh -C -p 443 -L 1110:localhost:110 remotemail.dyndnsname
I may have missed a few things here but as I can not get access it is a little difficult to check at the min.
Anyway, the above command prompts for a password on the remote box and logs in. I would have thought that this would then open port 1110 on Alpha and make it appear as port 110 at RemoteMail, but it does not work.
I have tried rpcinfo -p alpha and it does not show port 1110 open on alpha :-(
I can create a tunnel using putty in windows and download my POP3 mail and send my SMTP connection so that works.
I would also like the tunnel to start at bootup (script) using strong RSA keys. Does the SSH -N option start the tunnel but not open a terminal on the remote machine? When I have tried it, it just seems to sit there waiting, and as it does not seem to open the local port I am unable to check if it works.
Please help me with getting the port mapping to work, and how do I write a script to start the tunnel at boot and maintain it if lost? PS I have set KeepAlive on both machines.
to what extent is this not working? the command itself seems fine. i'd suggest you added a -N to make it work better as a non-shell instance, and only do the tunnel, but the command you gave should work when run as a normal ssh connection... is that not the case? any errors? try adding a few extra -v's to the command line to get some debugging info.
My POP3 Clients (Desktops) -> Alpha port 1110 -> ssh tunnel over http -> RemoteMail port 110
Am I not understanding how the tunnels work?
Essentially I want Alpha to be almost like a proxy for my pop3 traffic, passing off the requests to RemoteMail.
Does this make it clearer?
Side note: if I connect to the pop3 on a machine with a direct connection to the RemoteMail server it all works (downloading pop and smtp). It logs all access in the syslog. When I try to connect through the syslog I get nothing in the logs, so I assume the traffic is failing / terminating at Alpha.
Okay, I have figured out the -g to allow SSH tunnels to be available to not just the localhost. The firewall blocks access to the external interface so this should be fine for the time being. Can these tunnels be tied to an external IP?
I have started an init script which starts the tunnel with the -N and -f switch (to start it in the background).
I have done the updaterc on the init script but it does not start on machine boot. How do I do that so I don't have to log in and start the tunnel?
how are you actually trying to start this then? your own custom sysvinit script? personally i would just add it to /etc/rc.local if you're using redhat or such like. you have the shared key stuff already sorted out i take it? note that the shared keys will be taken from the root user's .ssh directory (well... i assume to be honest)
ok, so i'm not clear on what part isn't working... if you run your init script manually yourself does it work? if so and just somehow not automatically i'd first ensure the script is actually being called, i.e. is linked into /etc/rc2.d or whatever hippy place debian uses. also i'd probably modify the script to redirect output to a log file, adding -v's as above to get as much output as possible.
If the machine boots, the script is not run. It does run with the command
/etc/init.d/ssh_tunnel start
and stops with
/etc/init.d/ssh_tunnel stop
but when I close the terminal I used to start and stop the tunnel, the tunnel dies. Which is why I wanted it to run at boot. Is there a switch to make the script log to a file? It does not show in /var/log/syslog.
There is a symbolic link to /etc/rc.d/rcS (I think, off hand) / rcS50ssh_tunnel (again, I think).
I have tried adding to the init script user = root and group = root, is that right? (Once it is working I have a user set up for the tunnel to run as.)
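
An added example, not written by any poster in this thread: a restartable wrapper that binds the forward to one internal address using the `-L bind_address:port:host:hostport` form instead of opening it on every interface with `-g`, and sends ssh's output to a log file. The address, host name, user, key path and log path are constructed placeholders, and it assumes an OpenSSH release that supports `ExitOnForwardFailure`.

```shell
#!/bin/sh
# Added example. Every value below is a constructed placeholder.
BIND_ADDR="${BIND_ADDR:-192.168.0.1}"        # one internal address on Alpha
LOCAL_PORT="${LOCAL_PORT:-1110}"
REMOTE_PORT="${REMOTE_PORT:-110}"
REMOTE_HOST="${REMOTE_HOST:-remotemail.example.org}"
SSH_PORT="${SSH_PORT:-443}"
SSH_USER="${SSH_USER:-tunnel}"               # unprivileged account
KEY_FILE="${KEY_FILE:-/etc/ssh_tunnel/id_rsa}"
LOG_FILE="${LOG_FILE:-/var/log/ssh_tunnel.log}"

# Refuse wildcard binds, which would expose the forward on every interface.
valid_bind() {
    case "$1" in
        ""|"*"|0.0.0.0|::) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the ssh arguments one per line so they can be inspected or logged.
tunnel_args() {
    valid_bind "$BIND_ADDR" || return 1
    printf '%s\n' -N -p "$SSH_PORT" -i "$KEY_FILE" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "$BIND_ADDR:$LOCAL_PORT:localhost:$REMOTE_PORT" \
        "$SSH_USER@$REMOTE_HOST"
}

# Keep ssh in the foreground, log its output, restart it when it exits.
keep_tunnel() {
    while :; do
        args=$(tunnel_args) || { echo "refusing wildcard bind" >>"$LOG_FILE"; return 1; }
        # Unquoted on purpose: the arguments contain no whitespace.
        ssh -v $args >>"$LOG_FILE" 2>&1
        rc=$?
        echo "$(date) ssh exited with status $rc, retrying in 10s" >>"$LOG_FILE"
        sleep 10
    done
}

# Started explicitly, e.g. "tunnel.sh run &" from an init script or rc.local.
if [ "${1:-}" = "run" ]; then
    keep_tunnel
fi
```

`BatchMode=yes` makes ssh fail instead of waiting at a password prompt, so a boot-time start with a missing or unreadable key shows up in the log rather than hanging.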