LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-01-2010, 11:48 AM   #1
philosophia
Member
 
Registered: Jun 2006
Posts: 54

Rep: Reputation: 15
Multiple hop tunnel to chain port forwarding


I was having trouble setting up a db connection from my local machine to a db server that was configured to only accept connections from machines behind its own subnet. I had trouble setting up a multiple hop tunnel for chaining port forwarding through my firewall machine on the same subnet as the db. My first attempt involved two port forwards, on localhost and on the firewall machine, which didn't work for me. This approach I found at http://www.derkeiler.com/Newsgroups/.../msg00267.html involved constructing an end to end connection to the db via the firewall machine

Quote:
When you have to go through multiple hops, it's usually better to get an
end-to-end connection. In this case:

ssh -oproxycommand="ssh -qaxT firewall nc %h %p" -L 5432:localhost:5432 dbserver

If you have a copy of the snail book, section 11.4 (p444) has a discussion
of these two approaches.

The annoyance with the second approach is that it requires having netcat
("nc") or something equivalent on the intermediate host. I hope that
someday OpenSSH will have this feature built in, i.e. connecting an exec
channel to a remote TCP connection.
I'm trying to understand what this command does. I know what these options mean

-L construct a port forwarding tunnel
-q Quiet mode - surpresses warnings/diagnostic messages
-a Disables forwarding of the authentication agent connection (as opposed to -A which enables it)
-x Disables X11 forwarding (as opposed to -X which enables it)
-T disables pseudo-tty allocation


but I'm not clear on what the 'ssh -oproxycommand="ssh -qaxT firewall nc %h %p"'

My guess about what this command does is: I'm constructing and end to end connection between localhost and dbserver via firewall by running the command nc %h %p on firewall - my limited understanding of netcat is it forwards host and port? something like that? Anyways, I just want to understand what this command does, if anyone would like to comment. Thanks.
 
Old 02-01-2010, 06:49 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Try this page http://www.openbsd.org/cgi-bin/man.c...penBSD+Current and search for Proxycommand
 
Old 02-02-2010, 10:27 AM   #3
philosophia
Member
 
Registered: Jun 2006
Posts: 54

Original Poster
Rep: Reputation: 15
Thanks, that was helpful.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
port forwarding - multiple IP's and openvpn jonnytabpni Linux - Networking 2 09-19-2009 02:41 AM
IP Masquerading/UPnP problem - port not forwarding through multiple NATs ricka Linux - Networking 7 12-18-2006 05:53 PM
Port Forwarding and multiple gateways eqxro Linux - Networking 4 01-28-2006 10:32 AM
ssh tunnel / port forwarding Q FrayAdjacent Linux - Networking 2 07-05-2005 04:37 PM
port forwarding with iptables and multiple ethernet interf. CleonII Linux - Security 8 04-15-2005 09:27 AM


All times are GMT -5. The time now is 07:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration