LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 01-31-2006, 07:28 PM   #1
karlmdv
LQ Newbie
 
Registered: Mar 2005
Distribution: Slackware 10
Posts: 14

Rep: Reputation: 0
Using SSH port forwarding reports success but seems not to work.


Hi All,

My Setup:
Work Machines:
Linux (10.0.1.15) Slackware v10.0
PC2 (10.0.1.14) MS Win2k

Home Machines:
Linux (192.168.0.5) SuSE v10.0
Betty (192.168.0.4) MS WindowsXP


I'm trying to set up an ssh tunnel to make MS SQL Server replication suitable to be run over the internet. The way I've set this up so far is using a Linux box at work to talk to a Linux box at home using an SSH tunnel to forward ports 139 and 1433 on PC2 to home. There is a Windows box at both ends aswell:

I've run the following command on the Linux machine at work:

ssh -g -T -N -v -R 139:pc2:139 -R 1344:pc2:1344 root@myhost&
I'm using root for this test because I don't know another way to bind to ports < 1024 any other way.


The following is an excerpt of the output:
--------------------------------------------
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: Connections to remote port 139 forwarded to local address pc2:139
debug1: Connections to remote port 1344 forwarded to local address pc2:1344
debug1: Entering interactive session.
debug1: remote forward success for: listen 139, connect pc2:139
debug1: remote forward success for: listen 1344, connect pc2:1344
--------------------------------------------
I then use nmap to determine if the ports are actually open on the home side from both the Linux machine and Betty (Windows):

--------------------------------------------
C:\>nmap 192.168.0.5

Starting Nmap 3.95 ( http://www.insecure.org/nmap ) at 2006-02-01 11:45 AUS East
ern Daylight Time
Interesting ports on 192.168.0.5:
(The 1663 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgres
6000/tcp open X11
MAC Address: 00:0C:6E:4A:32:AA (Asustek Computer)

Nmap finished: 1 IP address (1 host up) scanned in 7.813 seconds

--------------------------------------------
karl@linux:~> nmap 192.168.0.5

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-02-01 11:47 EST
Interesting ports on linux.site (192.168.0.5):
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgres
6000/tcp open X11

Nmap finished: 1 IP address (1 host up) scanned in 0.181 seconds

--------------------------------------------

My problem is that although ssh on the 'work' side says the ports have been successfully forwarded to home, they're not open at home. Does anyone have a suggestion as to why this is so?
The SuSE firewall on the home Linux box has been disabled, but to try and rule out any packet filtering that might be going on, I ran nmap from both of the machines on the home side.

Thanks in advance,
Karl.
 
Old 02-01-2006, 05:15 PM   #2
karlmdv
LQ Newbie
 
Registered: Mar 2005
Distribution: Slackware 10
Posts: 14

Original Poster
Rep: Reputation: 0
Typo on the MS SQL port number:
ssh -g -T -N -v -R 139:pc2:139 -R 1433:betty:1433 root@myhost&
 
Old 02-02-2006, 12:32 AM   #3
karlmdv
LQ Newbie
 
Registered: Mar 2005
Distribution: Slackware 10
Posts: 14

Original Poster
Rep: Reputation: 0
Found it!
If anyone has this problem, here's what the solution was for me:
I needed to enable the "GatewayPorts yes" directive in the sshd_config file on the Linux box at home.
I'm not sure why my portscan from the Linux box itself didn't show these ports as open (maybe a scan of 127.0.0.1 would have done...)
Hope this helps someone,
ciao!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH Port Forwarding wwnexc Linux - Networking 4 09-29-2005 01:26 AM
SSH Port forwarding WRSpithead Linux - Networking 1 04-18-2005 04:09 AM
Port forwarding for ssh Adriaan Linux - Networking 1 03-08-2004 09:11 AM
Help with Port Forwarding for SSH mi6 Linux - Networking 6 07-29-2003 12:46 PM
SSH port forwarding tarballedtux Linux - Networking 2 05-29-2002 07:16 PM


All times are GMT -5. The time now is 04:21 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration