|
SSH reverse tunnel (lo only? why not eth0)(how to forward tcp port from eth0 to lo)
Well,
I have setup a reverse tunnel in ssh to allow connections to remotedesktop on Machine A. Machine A will ssh into the server (Server B) the tunnel is setup properly, Server B forwards traffic on TCP port 3389 to Machine A on TCP port 3389, However ssh only listens on the loopback interface netstat -l shows it listening on localhost:3389; I want to be able to connect to Server B from annother machine Machine C. Machine C can talk to Server B via Server B's eth0. but since the ssh tunnel is only on lo i can't reach it without setting up a forward ssh tunnel from Machine C(tcp 3389) to Server B(localhost tcp 3389). I need help setting up either a ssh tunnel from Machine A to Server B(on Server B's eth0). OR i would like to setup Server B to forward traffic from its lo (tcp port 3389) to Server B's lo (tcp port 3389). I tried to setup the eth0 to lo forward using iptables but it doesn't seem to work. Any help that you can offer would be appreciated (i have search the internet for several hours for a solution but none arised). Thanks Dinomight, feel free to im me with aim (my nick is Darkmadda). |
Yes, it's advanced but not *that* complicated.
First off, what you see is what a tunnel does -- a port (3389 in your case) on your local machine is the entrance to the tunnel that ends at another port on your machine A. You appear to confuse the local interface "lo" (as opposed to, say, eth0) with the localhost: designation. Has nothing to do with the local interface etc. It's just a port on your local machine. Whatever you manage to funnel into B's 3389 port will show up at A's end of that tunnel. Now it doesn't quite become clear what service you have connected there. I'll use VNC in the example below. I tunnel my "A" machine's port 5900 (VNC) to B on 3389 (to stick to your port numbers). Now there's a tunnel waiting and listening there. On "A", a windows machine where a VNC server is running, I did Machine A> ssh -R 3389:localhost:5900 192.168.1.101 (.101 is what we call "B") Now, on a third "C" machine I log in to the same "B" machine by Machine C> ssh -L 5901:localhost:3389 192.168.1.101 This now connects the two tunnels, and A's vnc server shows up as C's local :1 display (port 5901) -- Machine C> vncserver localhost:1 will connect through all the tunnels to A's VNC server. So I guess the short answer is, on machine C do ssh -L <somelocalport>:localhost:3389 ip_of_B and you arrive on machine A. All clear? I hope it helps, mlp |
Cool but.....
Thanks for you suggestion,
I actually have been doing just that however I want to be able to connect from machine C to server B without the user needing to ssh into Server B(setting up a forward tunnel.) The users who will be connecting to machine A are a little stupid and I don't want them to have to ssh into server B. I just want them to remote desktop to Server B. basically i want a reverse tunnel from A to B and have the tunnel open on eth0 rather than l0. If i can't do that with ssh i would want to tunnel from A to B with the tunnel on lo and then setup a static route/port forward from eth0 -> l0 (port 3389 only). This would allow C to remotedesktop to B which would tunnel it to C. I hope it helps clairfy that. -Dinomight |
Resolution?
Hey, I'm trying to do a very similiar thing. I have a machine behind a NAT using ssh ReverseForward to an external machine. I now want connections hitting the external machine to be able to follow the tunnel to the machine behind the NAT.
Machine A calls Machine B and opens a tunnel, B:2222 -> A:22 I want: Machine C to connect to Machine B (I don't care the port) where the traffic is sent to A:22 So maybe Machine C connects to B:2222 which tunnels all the traffic to A:22 Or maybe Machine C connects to B:2223 which redirects to B:2222 which is tunneled to A:22 Ideas, thoughts? Any help is appreciated. Thanks, ~Jason |
| All times are GMT -5. The time now is 08:43 AM. |