Old 05-26-2005, 09:54 PM   #1
LQ Newbie
Registered: May 2005
Posts: 2

Rep: Reputation: 0
SSH reverse tunnel (lo only? why not eth0)(how to forward tcp port from eth0 to lo)

I have set up a reverse tunnel in ssh to allow connections to remote desktop on Machine A. Machine A will ssh into the server (Server B); the tunnel is set up properly, and Server B forwards traffic on TCP port 3389 to Machine A on TCP port 3389. However, ssh only listens on the loopback interface: netstat -l shows it listening on localhost:3389. I want to be able to connect to Server B from another machine, Machine C. Machine C can talk to Server B via Server B's eth0, but since the ssh tunnel is only on lo I can't reach it without setting up a forward ssh tunnel from Machine C (tcp 3389) to Server B (localhost tcp 3389). I need help setting up either an ssh tunnel from Machine A to Server B (on Server B's eth0), OR I would like to set up Server B to forward traffic from its lo (tcp port 3389) to Server B's lo (tcp port 3389). I tried to set up the eth0 to lo forward using iptables but it doesn't seem to work. Any help that you can offer would be appreciated (I have searched the internet for several hours for a solution but none arose).
Dinomight, feel free to IM me with AIM (my nick is Darkmadda).

Last edited by Dinomight; 05-28-2005 at 12:40 AM.
Old 05-29-2005, 07:32 PM   #2
Registered: Jun 2002
Location: NY
Distribution: Gentoo,RH
Posts: 333

Rep: Reputation: 40
Yes, it's advanced but not *that* complicated.

First off, what you see is what a tunnel does -- a port (3389 in your case) on your local machine is the entrance to the tunnel that ends at another port on your machine A. You appear to confuse the local interface "lo" (as opposed to, say, eth0) with the localhost: designation. Has nothing to do with the local interface etc. It's just a port on your local machine.

Whatever you manage to funnel into B's 3389 port will show up at A's end of that tunnel. Now it doesn't quite become clear what service you have connected there. I'll use VNC in the example below.

I tunnel my "A" machine's port 5900 (VNC) to B on 3389 (to stick to your port numbers). Now there's a tunnel waiting and listening there. On "A", a Windows machine where a VNC server is running, I did

Machine A> ssh -R 3389:localhost:5900 (.101 is what we call "B")

Now, on a third "C" machine I log in to the same "B" machine by

Machine C> ssh -L 5901:localhost:3389

This now connects the two tunnels, and A's vnc server shows up as C's local :1 display (port 5901) --

Machine C> vncviewer localhost:1

will connect through all the tunnels to A's VNC server.

So I guess the short answer is, on machine C do

ssh -L <somelocalport>:localhost:3389 ip_of_B

and you arrive on machine A.

All clear? I hope it helps,

Old 05-29-2005, 08:09 PM   #3
LQ Newbie
Registered: May 2005
Posts: 2

Original Poster
Rep: Reputation: 0
Cool but.....

Thanks for your suggestion,
I actually have been doing just that; however, I want to be able to connect from machine C to server B without the user needing to ssh into Server B (setting up a forward tunnel). The users who will be connecting to machine A are a little stupid and I don't want them to have to ssh into server B. I just want them to remote desktop to Server B. Basically I want a reverse tunnel from A to B and have the tunnel open on eth0 rather than lo. If I can't do that with ssh I would want to tunnel from A to B with the tunnel on lo and then set up a static route/port forward from eth0 -> lo (port 3389 only). This would allow C to remote desktop to B, which would tunnel it to C. I hope it helps clarify that.
Old 08-17-2006, 10:44 PM   #4
LQ Newbie
Registered: Aug 2006
Posts: 1

Rep: Reputation: 0

Hey, I'm trying to do a very similar thing. I have a machine behind a NAT using ssh ReverseForward to an external machine. I now want connections hitting the external machine to be able to follow the tunnel to the machine behind the NAT.

Machine A calls Machine B and opens a tunnel, B:2222 -> A:22
I want:
Machine C to connect to Machine B (I don't care the port) where the traffic is sent to A:22

So maybe Machine C connects to B:2222 which tunnels all the traffic to A:22
Or maybe Machine C connects to B:2223 which redirects to B:2222 which is tunneled to A:22

Ideas, thoughts? Any help is appreciated.
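
Why the -R listener in this thread ends up on localhost:3389, as an added example that is not part of any post: sshd's GatewayPorts option in Server B's sshd_config decides the bind address, and the script below reads that setting and lists the non-loopback addresses a forwarded port is reachable on. The config text, the `ss -ltn` output, 192.0.2.10 and user@serverB are constructed placeholders.

```shell
#!/bin/sh
# Added example. sshd on Server B binds `ssh -R` listeners according to
# GatewayPorts in its sshd_config:
#   no              -> loopback only (the default; what netstat showed in post #1)
#   yes             -> the wildcard address, i.e. every interface
#   clientspecified -> the address the client names, e.g. (placeholders)
#                      ssh -R 192.0.2.10:3389:localhost:3389 user@serverB
# Binding to one address and firewalling the port to known clients keeps the
# forwarded service from being reachable by everyone who can reach Server B.

# Print the global GatewayPorts value from sshd_config text on stdin.
# The first value read for a keyword wins, keywords are case-insensitive, and
# settings after a Match line are conditional, so parsing stops there.
gateway_ports_mode() {
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    '
}

# From `ss -ltn` output on stdin, print each non-loopback address that is
# listening on TCP port $1 (empty output: loopback only or not listening).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (part[n] == port && addr !~ /^127\./ && addr != "[::1]")
                print addr
        }
    '
}

# Constructed sample data, not captured from a real host.
SAMPLE_CONFIG='# sshd_config on Server B
Port 22
GatewayPorts clientspecified
GatewayPorts no'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    192.0.2.10:3389    0.0.0.0:*
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*
LISTEN 0      128    [::1]:2222         [::]:*'

echo "GatewayPorts: $(printf '%s\n' "$SAMPLE_CONFIG" | gateway_ports_mode)"
echo "3389 reachable on: $(printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3389)"
echo "2222 reachable on: $(printf '%s\n' "$SAMPLE_SS" | exposed_listeners 2222)"
```

On a live host, pipe the real sshd_config and `ss -ltn` output into the two functions instead of the samples; sshd has to be reloaded after GatewayPorts is changed.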

