Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Still I get the same error. Do I need to check for anything in the sshd config file on hostB?
If you get connected to hostB, it's mostly OK. But you could check for any options that would disable forwarding.
But be sure the previous ssh command using -L has been killed before trying to use pwc101's ssh command using -D. Otherwise the new command cannot bind to port 9999. Or use a different port number.
Can you run tcpdump (need root access) on hostB to see what actual network traffic is being attempted?
Just to be sure, this is all about using Firefox on hostA, with all the traffic going out of hostA being through the SSH connection from hostA to hostB, and the traffic going to various internet sites going out of hostB. So if these hosts have static IP addresses without translation to the internet, web sites will see the HTTP(S) requests coming from hostB.
hostB>tcpdump -i eth0 dst port 22
03:50:19.401146 IP hostA.51842 > hostB.ssh: S 1320164285:1320164285(0) win 5840 <mss 1460,sackOK,timestamp 160938463 0,nop,wscale 7>
03:50:19.401402 IP hostA.51842 > hostB.ssh: . ack 380061965 win 46 <nop,nop,timestamp 160938463 156729199>
03:50:19.407065 IP hostA.51842 > hostB.ssh: . ack 22 win 46 <nop,nop,timestamp 160938464 156729200>
Shouldn't hostA's source port be 9999 instead of 51842? Also, in the sshd.conf file I see that AllowTcpForwarding is commented out on hostA and B. When I ran Wireshark on hostA and captured a few packets, I could see the SSH encrypted packets.
Also, in the sshd.conf file I see that AllowTcpForwarding is commented out on hostA and B.
No, that's fine as is: I have the same line commented out and am perfectly able to forward the relevant ports from home.
Try a killall ssh as a normal user on the remote SSH server (hostB in your example) to kill all existing ssh connections from hostA. Then try sshing in again from hostA.
If you still get nowhere, turn up the verbosity on the ssh commands with -vvv to see what's happening as it connects, and look out for any error messages or warnings.
For hostB the file /etc/ssh/sshd_config is what matters, since it is the server end.
It looks like you have ssh listening on port 9999 as it should. All connections from the browser in SOCKS5 mode should go to port 9999 on hostA, with both ends at address 127.0.0.1. But on hostB you should see connections originating from an sshd process, with arbitrary source ports, and appropriate source addresses depending on the destination, going to the designated destination address and port. Doing tcpdump on hostB is what is telling. The traffic between hostA and hostB over ssh does not matter beyond making sure there is an appropriate volume of traffic. So on hostB do this:
Code:
tcpdump -i any not port 22
Or better yet:
Code:
tcpdump -i any dst port 80
and visit a web server at the standard port 80. If you don't see any traffic on hostB going to the visited destination, then check the /etc/ssh/sshd_config file to see if it is set to disable any forwarding. If it is OK, the next thing to check is iptables.
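The two checks the replies above ask for (is the SOCKS listener actually up on hostA, and does hostB's sshd_config refuse the forwarding that "ssh -D 9999 hostB" needs) can be scripted. The script below is an added example, not code posted by anyone in this thread; the sample config and the ss output it is tested against are constructed, the file paths are illustrative, and it deliberately ignores Match blocks, so the authoritative answer on hostB is still the effective config printed by "sshd -T".

```shell
#!/bin/sh
# Added example (not from the thread): two small checks for a SOCKS proxy
# set up with "ssh -D 9999 hostB" (command form assumed from the thread).
# Match blocks in sshd_config are ignored here; "sshd -T" is authoritative.

# Print the effective value of a directive from an sshd_config-style file.
# Comment lines (like the "#AllowTcpForwarding" seen in the thread) and
# blank lines are skipped; directive names are case-insensitive; the first
# uncommented occurrence wins, and the given default is used if none exists.
# Usage: sshd_directive FILE Directive default
sshd_directive() {
    file=$1; name=$2; default=$3
    want=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
    value=$(awk -v want="$want" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { if (tolower($1) == want) { print $2; exit } }
    ' "$file")
    printf '%s\n' "${value:-$default}"
}

# Returns 0 (true) when the server config would block the client-side
# (-L/-D) forwarding that a SOCKS proxy relies on: AllowTcpForwarding set
# to "no" or "remote", or PermitOpen set to "none". Returns 1 otherwise.
# Run on hostB: sshd_blocks_dynamic_forward /etc/ssh/sshd_config
sshd_blocks_dynamic_forward() {
    file=$1
    allow=$(sshd_directive "$file" AllowTcpForwarding yes | tr 'A-Z' 'a-z')
    permit=$(sshd_directive "$file" PermitOpen any | tr 'A-Z' 'a-z')
    case "$allow" in
        no|remote) return 0 ;;
    esac
    [ "$permit" = "none" ] && return 0
    return 1
}

# Returns 0 when the given port appears as a listening local address in
# "ss -ltn" output read from stdin. The -D listener binds to loopback by
# default, so 127.0.0.1:9999 or [::1]:9999 is what to expect on hostA.
# Note that 9999 never shows up as a source port in tcpdump on hostB:
# the client side of the ssh session uses an ephemeral port (51842 above).
# Run on hostA: ss -ltn | listening_on 9999
listening_on() {
    port=$1
    awk -v port="$port" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit found ? 0 : 1 }'
}
```

After confirming both checks pass, the remaining step from the thread still applies: run "tcpdump -i any dst port 80" on hostB while browsing through the proxy, and if nothing shows up, look at iptables on hostB. The effective sshd values can be cross-checked with "sshd -T | grep -i -e allowtcpforwarding -e permitopen".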