Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 07-17-2003, 03:54 AM   #1
LQ Newbie
Registered: Jul 2003
Location: Belgium , Europe
Distribution: Slackware, Redhat
Posts: 2

Rep: Reputation: 0
automatically open ssh tunnel with xinetd

Hi All,

My company has an external webserver housed somewhere.
I managed to set up some ssh tunnels to specfic ports. Mysql on port 3306 for example. Running the following command on my linuxbox:

ssh -g -T -N -x -L3306:webserver:3306 someuser@webserver

works great. now, everybody in the company can connect to my linuxbox on port 3306 and gets fwded to the webserver in a secure way.

the only problem is that I have to open and close the tunnel by hand, so I made a small config file in /etc/xinetd.d called mysql-tunnel:

service mysql

disable = no
socket_type = stream
protocol = tcp
wait = yes
user = sshunnel
server = /home/someuser/
port = 3306

and made sure "mysql 3306/tcp" was present in /etc/services.
i put the above mentioned ssh command in a small script called /home/someuser/, made it executable and restarted xinetd.
Now, all tunnels are closed. I initiate a connection on port 3306 from another pc to my linuxbox and nothing happens. the connection times out.


If I run "ps aux" it tells me that an ssh tunnel is running fine.
I check /var/log/secure and see that xinetd started the mysql-tunnel, but it hasn't got a from address:

Jul 17 10:19:43 mylinuxbox xinetd[5422]: START: mysql pid=5425 from=<no address>

now, if I change the "wait" parameter in /etc/xinet.d/mysql-tunnel from "yes" to "no" xinetd sees the from address:

Jul 17 10:46:58 mylinuxbox xinetd[5520]: START: mysql pid=5523 from= (my ipaddress)

and, my MYSQL interface doesn't time out, but throws an error.

I tried changing nearly every parameter in the /etc/xinet.d/mysql-tunnel file, but I can't seem to find a solution.

Any help would be greatly appreciated.
Old 07-17-2003, 12:39 PM   #2
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 67
When you run the command on its own are you prompted for a password?
Old 07-17-2003, 05:11 PM   #3
LQ Newbie
Registered: Jul 2003
Location: Belgium , Europe
Distribution: Slackware, Redhat
Posts: 2

Original Poster
Rep: Reputation: 0
well yeah, I figured that one out just after I posted.
I added a "-i /private/key/location" to the ssh command.
but that's not it. I kept on searching and came up with the follwing:

If I change the service port of mysql to 3307 and adapt the /etc/xinet.d/mysql-tunnel file accordingly, my sql client still times out upon opening the tunnel (connecting on 3307), but when I start a second sql client (connecting on 3306), it works fine. So the tunnel is there. Apparently, xinet blocks the port on which it receives it's first connection.

So, I tried an IP alias on eth0 and created eth0:1 with a second IP address. e.g. : eth0 = and eth0:1 =

xinet is listening on and ssh is creating a tunnel on, but that didn't work either, although I'm convinced i'm looking in the right direction ...

greetz, p


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH Tunnel - need some help on this MeridianRebel Linux - Networking 2 08-11-2005 02:10 PM
ssh tunnel crep Linux - Networking 2 08-25-2004 08:24 PM
ssh tunnel TroelsSmit Linux - Software 2 04-30-2004 03:30 PM
Ssh Tunnel tinaa Linux - Software 7 07-29-2003 07:52 PM
SSH tunnel? tarballedtux Linux - Networking 3 04-09-2002 03:52 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:12 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration