Old 07-22-2008, 07:37 AM   #1
oshua86
LQ Newbie
 
Registered: Jul 2008
Posts: 8

Rep: Reputation: 0
SSH Port Forwarding...


Alright guys, I normally don't post questions but this one is really eating me from the inside out. So I have an Ubuntu computer in my house which has an sshd running; it works like a champ. One of the reasons I use it is to ssh tunnel, for security reasons and yes, to bypass content filtering of my company or any other place. So if I'm on a Windows box I download putty and just do a "putty -ssh -D 8080 -P 443 mydomain.no-ip.com", log in with my credentials and I'm there; I just go and change the proxy settings to point to 127.0.0.1 on port 8080 and that's it. Now, sick and tired of Windows at work, I completely changed to Linux. I'm running Ubuntu 8.04 and I'm trying to do the same thing but it is not working. If I do a "ssh -L 8080:mydomain.no-ip.com:443 mydomain.no-ip.com -p 443" I connect, I put in my username and password and it looks good, but I don't get to use it as a proxy. If I put the proxy setting in Mozilla I get a "protocol mismatch" error on the screen; if I set up Pidgin to use the proxy it doesn't connect. Now I ran a sniffer on my firewall at my house and I see the traffic trying to get there. Also, when I ssh to it with -vvv I get the following:


jpatron@ubuntu:~$ debug1: Connection to port 8080 forwarding to mydomain.no-ip.com port 443 requested.
debug2: fd 9 setting TCP_NODELAY
debug2: fd 9 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
debug2: channel 3: open confirm rwindow 2097152 rmax 32768
debug2: channel 3: read<=0 rfd 9 len -1
debug2: channel 3: read failed
debug2: channel 3: close_read
debug2: channel 3: input open -> drain
debug2: channel 3: ibuf empty
debug2: channel 3: send eof
debug2: channel 3: input drain -> closed
debug2: channel 3: rcvd eof
debug2: channel 3: output open -> drain
debug2: channel 3: obuf empty
debug2: channel 3: close_write
debug2: channel 3: chan_shutdown_write: shutdown() failed for fd9: Transport endpoint is not connected
debug2: channel 3: output drain -> closed
debug2: channel 3: rcvd close
debug3: channel 3: will not send data after close
debug2: channel 3: send close
debug2: channel 3: is dead
debug2: channel 3: garbage collecting
debug1: channel 3: free: direct-tcpip: listening port 8080 for mydomain.no-ip.com port 443, connect from 127.0.0.1 port 49891, nchannels 4
debug3: channel 3: status: The following connections are open:
#2 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
#3 direct-tcpip: listening port 8080 for mydomain.no-ip.com port 443, connect from 127.0.0.1 port 49891 (t4 r1 i3/0 o3/0 fd 9/9 cfd -1)

debug3: channel 3: close_fds r 9 w 9 e -1 c -1




(I changed my actual no-ip.com domain to mydomain.no-ip.com in the output for security reasons). OK, so I get that in the verbose response but it doesn't forward the traffic. I know it has something to do with this Linux machine because if I try to do it from a Windows virtual box that I have on the same Linux PC using putty it works. Now I have also tried putty on my Linux box and it didn't work. I have looked all over the internet but I have found nothing. Please, some help would be appreciated.
 
Old 07-22-2008, 08:33 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Why are you using -p 443 when connecting from Linux?
 
Old 07-22-2008, 08:57 AM   #3
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
You don't want to have 443 be the destination port on the port forward since you're running your ssh on port 443. So your -L option should read
-L 8080:mydomain.no-ip.com:8080
 
Old 07-22-2008, 12:21 PM   #4
oshua86
LQ Newbie
 
Registered: Jul 2008
Posts: 8

Original Poster
Rep: Reputation: 0
I'm doing the -p 443 option because my ssh server is running on port 443... I also tried the 8080:mydomain.no-ip.com:8080 but it has the same result, though if I tried that on a Windows machine it doesn't work, so the correct syntax is 8080:mydomain.no-ip.com:8080. If I do a netstat -na | grep 8080 I see the connection listening on that port. Couldn't be a configuration thing from Ubuntu. By the way, both server and client are running Ubuntu; funny that I can connect and forward with no problem from Windows. Also, when I change the proxy settings in Mozilla I get this error: "OpenSSH_4.7p1 Debian-8ubuntu1.2 Protocol mismatch.". This one is definitely a head scratcher.
 
Old 07-23-2008, 09:50 AM   #5
oshua86
LQ Newbie
 
Registered: Jul 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Anybody? I really need this to work.
 
Old 07-23-2008, 10:31 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Ohhh, I thought you were actually forwarding to a real proxy...

Code:
$ ssh -D 8080 -p 443 user@mydomain.no-ip.com
should do exactly what you want.
 
Old 07-23-2008, 10:40 AM   #7
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
"OpenSSH_4.7p1 Debian-8ubuntu1.2 Protocol mismatch"

Probably means that your browser is talking HTTP to your ssh server and it just doesn't really appreciate HTTP language.
So there is something missing in your port forwarding.
 
Old 07-23-2008, 11:17 AM   #8
oshua86
LQ Newbie
 
Registered: Jul 2008
Posts: 8

Original Poster
Rep: Reputation: 0
One more thing: from my local computer I connect to the server with the port forward "ssh -L 8080:mydomain.no-ip.com:443 mydomain.no-ip.com -p 443", then log in, and then I open a new console and do an ssh localhost -p 8080; it forwards me to the server and I am able to get there and access the server.
 
Old 07-23-2008, 11:36 AM   #9
oshua86
LQ Newbie
 
Registered: Jul 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Ok, nx5000 your post seems right, can you identify by any chance what is missing on my port forward? I appreciate any help.
 
Old 07-23-2008, 12:06 PM   #10
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
ssh -L 8080:mydomain.no-ip.com:443 mydomain.no-ip.com -p 443

This means that on localhost:8080 the traffic will be ssh-tunneled to mydomain:443 and to establish this forwarding on mydomain, you connect to it via 443 (ssh)

So it can't work because localhost:8080 traffic (HTTP) gets "untunneled" and then forwarded to mydomain:443 (which is not an HTTP proxy but an ssh endpoint). So http traffic goes to your ssh and you get proto mismatch.

Did you try chort's solution? I never tried -D.

I would put a proxy on mydomain listening on 8081 and then do it like this:
ssh -C -L 8080:mydomain:8081 -p 443 user@mydomain

And the local browser has to point to 8080.
I used different ports, 8080 and 8081, to help with the confusion.

But this might not work. I guess you put -p 443 because there is a proxy in between. If it only allows https, it will detect ssh traffic. So you need to tunnel in https.

Have a look at corkscrew.

Last edited by nx5000; 07-23-2008 at 12:09 PM.
 
Old 07-24-2008, 11:20 AM   #11
oshua86
LQ Newbie
 
Registered: Jul 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Well, I particularly don't have a problem with what port. We have Websense in the company and they block certain protocols and certain websites, though I have some people on that ssh server who can only go out on port 443, so that's the reason why I make it listen on that port. Now I know I'm being insistent but it's just strange that it works fine in Windows with no further setup, using just putty, but the same setup in Linux won't. Weird. And the -C switch did not work. Don't know what to do.
 
Old 07-24-2008, 07:20 PM   #12
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
okay what port is the proxy server listening on? Do you have something in the putty config that is doing something we don't see on the command line? And what does the -D 8080 do for putty? I looked through the putty manual and didn't see a -D option.
 
Old 07-25-2008, 03:04 AM   #13
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Did you totally miss my suggestion? Do the exact same thing on Linux as you did with putty, just drop the "putty -" part of it.

Code:
ssh -D 8080 -p 443 user@mydomain.no-ip.com
-D makes ssh behave as a SOCKS proxy on the specified port and forward that over the secure connection which is established on...
-p is the port number the ssh daemon is listening on.

If you're going to use port forwarding (-L) then you need to actually have a real proxy server listening on that forwarded port at the other end. If you want the ssh daemon itself to be the SOCKS proxy, you need to use -D.

An example of using -L would be if you ran a Squid proxy on your ssh server, you could do:
Code:
 ssh -L3128:localhost:3128 -p 443 user@mydomain.no-ip.com
you would set your browser proxy to be host: localhost port: 3128. On your ssh server Squid would listen on localhost:3128, on your client machine ssh tunnel would listen on localhost:3128 and forward traffic to the Squid port on your server.

You're trying to mix SOCKS proxying with port forwarding and that's why you're having problems. You need to understand the difference between ssh acting as the proxy, and ssh forwarding traffic to a proxy.
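
Added example, not part of any post in this thread: a small Python probe that reports which protocol actually answers on the local forwarded port, separating the `-L`-to-sshd case (SSH banner, hence "Protocol mismatch" in a browser) from the `-D` case (SOCKS5 reply). The function names and the `http` heuristic are assumptions made for this illustration.

```python
import socket

SOCKS5_HELLO = b"\x05\x01\x00"  # SOCKS version 5, one method offered: 0x00 (no auth)

def classify(first_bytes: bytes) -> str:
    """Name the protocol from the first bytes the listener returned."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"      # forward ends at sshd; a browser gets "Protocol mismatch"
    if first_bytes.startswith(b"HTTP/"):
        return "http"     # assumption: an HTTP proxy rejecting our non-HTTP bytes
    if first_bytes[:1] == b"\x05":
        return "socks5"   # SOCKS5 method-selection reply, as ssh -D gives
    return "unknown"

def _recv(sock: socket.socket) -> bytes:
    """Return whatever arrives before the timeout, or b'' if nothing does."""
    try:
        return sock.recv(64)
    except OSError:       # includes socket.timeout and connection resets
        return b""

def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Connect to host:port and report what kind of service answers."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        data = _recv(sock)            # sshd speaks first with its version banner
        if not data:                  # silent listener: offer a SOCKS5 greeting
            try:
                sock.sendall(SOCKS5_HELLO)
            except OSError:
                return "unknown"
            data = _recv(sock)
        return classify(data)

if __name__ == "__main__":
    # 8080 is the local port used throughout the thread.
    print(probe("127.0.0.1", 8080))
```

A result of `ssh` on the port the browser points at means the forward terminates at the ssh daemon rather than at a proxy.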
 
Old 07-25-2008, 11:04 AM   #14
oshua86
LQ Newbie
 
Registered: Jul 2008
Posts: 8

Original Poster
Rep: Reputation: 0
Thank you very much chort. I'm sorry I missed your comment the first time; I still added the putty in the command and that's why it didn't work. But hey, your explanation has clarified a lot for me regarding the commands on ssh. I appreciate it... Give A+
 
  

