I am sharing my notebook's Internet connection with a Wifi router through an Ethernet cable. This router then provides connection to other devices (phone/tablet).
I always have an SSH tunnel running on this notebook, so I can check my email securely:
I used to link -L 11110:127.0.0.1:110, but after reading I found out that 127.0.0.1 restricts incoming connections to the local machine, while 0.0.0.0 is supposed to allow them from other machines as well. So I changed it, but that didn't solve my problem.
Moving on, I configure my email client to poll 127.0.0.1:11110 instead of server.com:110. Okay, it works.
But now I am sharing the connection with other devices, say the tablet. I want the tablet to use that same tunnel.
I know that my notebook's IP address is 10.41.42.1 because ifconfig told me so and I have Apache running and I can browse my test page on http://10.41.42.1:port from the tablet.
So I thought that polling my mail through 10.41.42.1:11110 on the tablet would work, but it doesn't.
Wasn't 0.0.0.0 supposed to solve that problem? Do I have to open something up with iptables to let the tablet use the tunnel that runs constantly on the notebook?
The IP in the middle of the string is the destination to be connected to from the remote machine. Making it 0.0.0.0 will not make anything work (unless it somehow defaults to localhost or something I'm not aware of).
If you want someone to be able to connect to the tunnel on your local machine, then you don't need to do anything special in ssh at all. It's more likely that iptables is not permitting the traffic into the box.
You can specify a single local IP to listen on by adding the optional bind_address "-L [bind_address:]port:host:hostport", but you shouldn't need to. When your tunnel is up, check what's listening locally with "netstat -plnt" and you should see an entry for 0.0.0.0:11110 or something. That'll show it's listening on ALL interfaces.
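Added example (not part of the thread): a shell function that reads "netstat -plnt" output and reports whether a forwarded port such as 11110 is bound to loopback only, to every interface, or to one address. OpenSSH binds -L forwards to the loopback address unless GatewayPorts or an explicit bind_address says otherwise; the function name forward_exposure is hypothetical and the listings, PIDs and program names are constructed.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -plnt` text on stdin.
# forward_exposure is a hypothetical helper name; the listings below are constructed.
forward_exposure() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split "addr:port" at the last colon so IPv6 forms (:::11110) also parse.
            n = match($4, /:[0-9]+$/)
            if (n == 0 || substr($4, n + 1) != port) next
            a = substr($4, 1, n - 1)
            found = 1
            if (a == "0.0.0.0" || a == "::" || a == "[::]" || a == "*") wild = 1
            else if (a ~ /^127\./ || a == "::1" || a == "[::1]") loop = 1
            else specific = specific (specific ? "," : "") a
        }
        END {
            if (!found)        print "not-listening"
            else if (wild)     print "all-interfaces"
            else if (specific) print "specific:" specific
            else               print "loopback-only"
        }'
}

# Constructed listing: tunnel started with -L 11110:127.0.0.1:110 (no bind_address).
SAMPLE_DEFAULT='Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 127.0.0.1:11110    0.0.0.0:*          LISTEN   2211/ssh
tcp6       0      0 ::1:11110          :::*               LISTEN   2211/ssh
tcp        0      0 0.0.0.0:9000       0.0.0.0:*          LISTEN   1432/apache2'

# Constructed listing: tunnel started with -L 10.41.42.1:11110:127.0.0.1:110.
SAMPLE_BOUND='tcp        0      0 10.41.42.1:11110   0.0.0.0:*          LISTEN   2304/ssh'

for name in SAMPLE_DEFAULT SAMPLE_BOUND; do
    eval "listing=\$$name"
    printf '%s port 11110: %s\n' "$name" "$(printf '%s\n' "$listing" | forward_exposure 11110)"
done
# On a live system: netstat -plnt | forward_exposure 11110
```

Binding the forward to 10.41.42.1 rather than 0.0.0.0 keeps the tunnel reachable from the shared LAN without also exposing it on the notebook's other interfaces.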
I thought that maybe iptables was blocking something, but I am not so convinced. If iptables were blocking it, I wouldn't be able to ping 10.41.42.1 from the phone, which I can.
On the other hand, I can't ping 10.41.42.1:9000, but I can view it with the browser.
You can't "ping" 10.41.42.1:9000, that doesn't make sense. You ping IP addresses, not ports. Show us the output of "iptables -vnL" on the box, that'll show the current ruleset.
Right, so no, there's no rule to permit, for example, 11110 into the system.
I am not sure your statement is correct.
I am using a firewall script which I don't remember where I got, but I think it was on the Ubuntu repository. It's a script that begins like this:
Code:
#!/bin/bash
#
# rc.firewall Linux Firewall version 2.0rc9 -- 05/02/03
# http://projectfiles.com/firewall/
#
# Copyright (C) 2001-2003 Scott Bartlett <srb@mnsolutions.com>
Don't bother going to projectfiles.com, it is just a link farm now.
Further down, the script goes like this:
Code:
# The PERMIT option below allows remote access to this machine
# in the three ways listed below. Note that blah blah blah...
PERMIT="10.41.42.0/24"
DENY="198.168.0.0/24 198.168.1.0/24"
# List internal (private) interfaces here to allow this machine to act as a
# router. All interfaces NOT listed here are considered external (public)
# and will be automatically protected by the firewall.
# Example: INTERNAL_INTERFACES="eth1 eth2 brg0"
INTERNAL_INTERFACES="eth0"
Please note these two lines:
PERMIT="10.41.42.0/24"
INTERNAL_INTERFACES="eth0"
I am indeed trying to connect from a tablet that is connected to a router that is connected to the notebook through eth0. And eth0 is marked as an INTERNAL i.e. trusted interface. Everything to and from the notebook and eth0 should be free to move unhindered.