LinuxQuestions.org
Old 10-03-2008, 07:23 PM   #1
gms5002
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Rep: Reputation: 0
Help with ssh tunnel


Hello everyone,

I was hoping someone could give me a little insight into this problem I am having. Here is what I am trying to set up (I'll just make up port numbers for demonstration purposes - but note that this is not http traffic):

[{A} client's server (we can't touch this)] ---sends information through a socket (port 33600) ---> [{B} our server at client location] --ssh tunnel over public internet (port 33610)-->[{C} application server at our data center]

Now, I've set up an ssh tunnel from B to C like so:
ssh me@{C} -L 33600/{C}/33610

So from B, I can telnet localhost 33600 and I can also send text through port 33600 and receive it through 33610 on C. However, from B if I try to telnet to B's physical ip address on port 33600 I get connection refused. I also cannot send anything through a socket to B's ip address from B on port 33600 due to connection refused. Needless to say, I cannot connect from A to B over this port either. A netstat on B produces these relevant lines:

tcp 0 0 127.0.0.1:33600 0.0.0.0:* LISTEN
tcp 0 0 ::1:33600 :::* LISTEN

Of particular interest to me is the bold 1 in the netstat line posted above. For comparison the line for ssh says:

tcp 0 0 :::22 :::* LISTEN

Here there are just three colons and no 1. Is that 1 a flag for something? I have been looking around for the meaning of this column, but I haven't been able to find anything.

I've also disabled iptables to see if it would help, but I still cannot connect. Does anyone see anything wrong or how I can get information from A through the ssh tunnel to C? I am also open to other suggestions on how to accomplish this goal. I originally tried to set up Squid on B, but that did not work out since the traffic was not http.

Thanks for any advice,
Greg
 
Old 10-03-2008, 07:56 PM   #2
rossonieri#1
Member
 
Registered: Jun 2007
Posts: 359

Rep: Reputation: 34
hi gms,

Quote:
client's server (we can't touch this)
first - there is no such thing as "we can't touch this thing" in networking, as simple as how can/do we know/troubleshoot if something is really working or not

Quote:
tcp 0 0 127.0.0.1:33600 0.0.0.0:* LISTEN
tcp 0 0 ::1:33600 :::* LISTEN
note : the first line is ipv4 - and the second is ipv6.

it is saying that the target application is listening only on the loopback interface. yes - you can do anything within localhost - but not from any source/interface other than localhost.

make sure your application is listening on 0.0.0.0 (any IP or any interface) - and do check if you have any firewall blocking the connection - as simple as ping or telnet port# or nmap if you need, or you can check the route.

HTH.
 
Old 10-03-2008, 10:05 PM   #3
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 128
By default, ssh port forwards only listen on localhost. Add -g to allow connections from other than localhost. Also, depending on your version, you may need to specify the port forward as: "ssh -g -L '*:36000:{C}:33610' me@{C}" to bind to all interfaces available.
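
The netstat lines discussed above can be read mechanically. This added example (not part of any post in the thread) splits the local-address column at its last colon and labels each listener as loopback-only, all-interfaces or single-address. The function names and the fourth sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets from `netstat -tln`-style output.

# Sample input. The first three lines are the ones quoted in the thread; the
# last is constructed to show what a forward started with -g would look like.
SAMPLE='tcp 0 0 127.0.0.1:33600 0.0.0.0:* LISTEN
tcp 0 0 ::1:33600 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 0.0.0.0:36000 0.0.0.0:* LISTEN'

# Reads netstat lines on stdin, prints "port address scope" per listener.
# The local-address column is "address:port" and the port follows the LAST
# colon, so "::1:33600" is address ::1 (IPv6 loopback) on port 33600 and
# ":::22" is address :: (IPv6 wildcard) on port 22.
classify_listeners() {
    awk '$6 == "LISTEN" {
        pos = match($4, /:[0-9]+$/)          # final colon plus port digits
        if (pos == 0) next                   # not an address:port column
        addr = substr($4, 1, pos - 1)
        port = substr($4, pos + 1)
        if (addr ~ /^127\./ || addr == "::1") {
            scope = "loopback-only"          # reachable from this host only
        } else if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
            scope = "all-interfaces"         # reachable from any network
        } else {
            scope = "single-address"         # bound to one chosen address
        }
        print port, addr, scope
    }'
}

# Prints the unique ports that hosts other than this one can reach.
exposed_ports() {
    classify_listeners | awk '$3 != "loopback-only" { print $1 }' | sort -n -u
}

# Stand-alone run: classify the sample lines.
printf '%s\n' "$SAMPLE" | classify_listeners
```

Feeding it real `netstat -tln` output on B before and after adding -g shows the forwarded port moving from loopback-only to all-interfaces, which means every host that can reach B can use the tunnel. Giving the forward a specific bind address in place of `*` produces a single-address listener instead.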
 
Old 10-03-2008, 11:47 PM   #4
gms5002
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Matir
By default, ssh port forwards only listen on localhost. Add -g to allow connections from other than localhost. Also, depending on your version, you may need to specify the port forward as: "ssh -g -L '*:36000:{C}:33610' me@{C}" to bind to all interfaces available.
Thanks! I'll give this a try on Monday and report back.
 
Old 10-06-2008, 01:35 PM   #5
gms5002
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Original Poster
Rep: Reputation: 0
Well, when I tried to use the -g option, I get an error which says

bind: address already in use

I tried changing the ports and still got the same error. I did some googling on the error and turned up this report claiming a bug in openssh:

https://bugs.launchpad.net/ubuntu/+s...ssh/+bug/61414

Does anyone know anything about this?
 
Old 10-06-2008, 04:04 PM   #6
gms5002
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Original Poster
Rep: Reputation: 0
Some people on various forums have indicated that the error can be ignored, so I tried to telnet to the port, here is the error I am getting:

On server B:

Quote:
[root@serverB ~]# ssh -g -L 36000:serverC:33610 me@serverC
me@serverC's password:
bind: Address already in use
[shell opens up for serverC]
Then on server A:

Quote:
[root@serverA ~]#telnet serverB 36000
Trying xxx.xxx.xxx.xxx...
Connected to serverB (xxx.xxx.xxx.xxx).
Escape character is '^]'.
Connection closed by foreign host.
[root@serverA ~]#
If I switch back to the serverB tab from above (which is now a shell on serverC), I see:
Quote:
channel 2: open failed: connect failed: Connection refused
That shows up each time I try and telnet. Any ideas?
 
Old 10-06-2008, 04:06 PM   #7
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 128
Seems like serverC is not accepting the connection on port 33610. From serverC, can you telnet serverC 33610?
 
Old 10-06-2008, 05:18 PM   #8
gms5002
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Matir
Seems like serverC is not accepting the connection on port 33610. From serverC, can you telnet serverC 33610?
OOPS!! you are right, I forgot to start the server. Thanks!

For anyone who finds this thread in the future, it seems as though you can ignore this bind error, as the forwarding still works.
 
  

