Hi All,
My Setup:
Work Machines:
Linux (10.0.1.15) Slackware v10.0
PC2 (10.0.1.14) MS Win2k
Home Machines:
Linux (192.168.0.5) SuSE v10.0
Betty (192.168.0.4) MS WindowsXP
I'm trying to set up an ssh tunnel to make MS SQL Server replication suitable to be run over the internet. The way I've set this up so far is using a Linux box at work to talk to a Linux box at home using an SSH tunnel to forward ports 139 and 1433 on PC2 to home. There is a Windows box at both ends as well.
I've run the following command on the Linux machine at work:
ssh -g -T -N -v -R 139:pc2:139 -R 1344:pc2:1344 root@myhost&
I'm using root for this test because I don't know any other way to bind to ports < 1024.
The following is an excerpt of the output:
--------------------------------------------
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: Connections to remote port 139 forwarded to local address pc2:139
debug1: Connections to remote port 1344 forwarded to local address pc2:1344
debug1: Entering interactive session.
debug1: remote forward success for: listen 139, connect pc2:139
debug1: remote forward success for: listen 1344, connect pc2:1344
--------------------------------------------
I then use nmap to determine if the ports are actually open on the home side from both the Linux machine and Betty (Windows):
--------------------------------------------
C:\>nmap 192.168.0.5
Starting Nmap 3.95 ( http://www.insecure.org/nmap ) at 2006-02-01 11:45 AUS Eastern Daylight Time
Interesting ports on 192.168.0.5:
(The 1663 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgres
6000/tcp open X11
MAC Address: 00:0C:6E:4A:32:AA (Asustek Computer)
Nmap finished: 1 IP address (1 host up) scanned in 7.813 seconds
--------------------------------------------
karl@linux:~> nmap 192.168.0.5
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-02-01 11:47 EST
Interesting ports on linux.site (192.168.0.5):
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgres
6000/tcp open X11
Nmap finished: 1 IP address (1 host up) scanned in 0.181 seconds
--------------------------------------------
My problem is that although ssh on the 'work' side says the ports have been successfully forwarded to home, they're not open at home. Does anyone have a suggestion as to why this is so?
The SuSE firewall on the home Linux box has been disabled, but to try and rule out any packet filtering that might be going on, I ran nmap from both of the machines on the home side.
Thanks in advance,
Karl.
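
A check for the home Linux box, added here as an example and not part of the original post: sshd binds `-R` listeners to the loopback address unless `GatewayPorts` is enabled in its sshd_config (`-g` covers only local `-L` forwards), and a loopback-only listener does not appear in a scan of 192.168.0.5. The netstat sample and the function names `bind_scope` and `report` are constructed for illustration; 1433 is checked because the text names it while the command forwards 1344.

```shell
#!/bin/sh
# Added example: classify where forwarded ports are bound, from `netstat -tln` text.

# Constructed sample in the layout `netstat -tln` prints on Linux (not real output
# from the poster's machine); it models remote forwards bound to loopback.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1344          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 :::80                   :::*                    LISTEN'

# bind_scope PORT: reads netstat -tln text on stdin and prints one of
#   all-interfaces | specific:<addr> | loopback-only | not-listening
bind_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # port is the last ":" field,
            p = parts[n]                         # which also works for :::80
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*") wide = 1
            else if (host ~ /^127\./ || host == "::1") lo = 1
            else other = host
        }
        END {
            if (wide) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (lo) print "loopback-only"
            else print "not-listening"
        }'
}

# report PORT...: one "port scope" line per port. A loopback-only listener
# accepts connections on the box itself but is closed to the LAN address.
report() {
    input=$(cat)
    for port in "$@"; do
        printf '%s %s\n' "$port" "$(printf '%s\n' "$input" | bind_scope "$port")"
    done
}

# Live use on the home box:  netstat -tln | report 139 1344 1433
printf '%s\n' "$SAMPLE_NETSTAT" | report 22 139 1344 1433
```

If the forwarded ports report as loopback-only, setting `GatewayPorts clientspecified` in the home sshd_config and giving a bind address in the forward (for example `-R 192.168.0.5:139:pc2:139`) keeps the listener on one chosen interface rather than all of them.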