Old 02-01-2010, 10:48 AM   #1
Multiple hop tunnel to chain port forwarding

I was having trouble setting up a db connection from my local machine to a db server that was configured to only accept connections from machines behind its own subnet. I had trouble setting up a multiple-hop tunnel for chaining port forwarding through my firewall machine on the same subnet as the db. My first attempt involved two port forwards, on localhost and on the firewall machine, which didn't work for me. This approach I found at involved constructing an end-to-end connection to the db via the firewall machine:

When you have to go through multiple hops, it's usually better to get an
end-to-end connection. In this case:

ssh -oproxycommand="ssh -qaxT firewall nc %h %p" -L 5432:localhost:5432 dbserver

If you have a copy of the snail book, section 11.4 (p444) has a discussion
of these two approaches.

The annoyance with the second approach is that it requires having netcat
("nc") or something equivalent on the intermediate host. I hope that
someday OpenSSH will have this feature built in, i.e. connecting an exec
channel to a remote TCP connection.
I'm trying to understand what this command does. I know what these options mean

-L construct a port forwarding tunnel
-q Quiet mode - suppresses warnings/diagnostic messages
-a Disables forwarding of the authentication agent connection (as opposed to -A which enables it)
-x Disables X11 forwarding (as opposed to -X which enables it)
-T disables pseudo-tty allocation

but I'm not clear on what the 'ssh -oproxycommand="ssh -qaxT firewall nc %h %p"'

My guess about what this command does is: I'm constructing an end-to-end connection between localhost and dbserver via firewall by running the command nc %h %p on firewall - my limited understanding of netcat is it forwards host and port? Something like that? Anyways, I just want to understand what this command does, if anyone would like to comment. Thanks.
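The following is an added worked example, not code from this thread or from any page it links to. It traces what the one-liner in post #1 actually does: the outer ssh expands %h and %p in the ProxyCommand, runs the result locally, and uses that child process's stdin/stdout as its transport to dbserver's sshd. The host names "firewall" and "dbserver" are the thread's; the user name "alice" is an assumption. The -W and -J forms shown are the built-in replacements for nc that OpenSSH later added (5.4 and 7.3 respectively). Nothing in the script opens a network connection.

```sh
#!/bin/sh
# Added example, not code from the thread: how ssh treats the ProxyCommand in
#   ssh -oProxyCommand="ssh -qaxT firewall nc %h %p" -L 5432:localhost:5432 dbserver
# Host names "firewall" and "dbserver" come from the thread; the user name
# "alice" is an assumption. Nothing here opens a network connection.
#
# What happens at run time:
#   1. The outer ssh expands the tokens (%h = host, %p = port) and runs
#      "ssh -qaxT firewall nc dbserver 22" on the local machine.
#   2. That inner ssh logs in to firewall and runs "nc dbserver 22" there,
#      so nc's stdin/stdout become a raw TCP stream to dbserver's sshd.
#   3. The outer ssh speaks the SSH protocol over that stream, end to end:
#      the firewall only relays ciphertext and never holds the session keys
#      (unlike a chain of two -L forwards, where the firewall decrypts).
#   4. -L 5432:localhost:5432 is applied on dbserver, so "localhost" is
#      dbserver's own loopback address, which its subnet-only rule accepts.

# replace_all STRING PATTERN REPLACEMENT: substitute every occurrence of
# PATTERN in STRING using only POSIX parameter expansion (no sed needed).
replace_all() {
    s=$1; pat=$2; rep=$3; res=""
    while :; do
        case $s in
            *"$pat"*)
                head=${s%%"$pat"*}      # text before the first match
                res="$res$head$rep"
                s=${s#*"$pat"}          # text after the first match
                ;;
            *)
                res="$res$s"
                break
                ;;
        esac
    done
    printf '%s\n' "$res"
}

# expand_proxycommand TEMPLATE HOST PORT USER: the %h, %p and %r expansion
# ssh_config(5) applies to ProxyCommand before handing it to /bin/sh.
# (ssh also turns %% into a literal percent sign; that case is left out.)
expand_proxycommand() {
    r=$(replace_all "$1" '%h' "$2")
    r=$(replace_all "$r" '%p' "$3")
    r=$(replace_all "$r" '%r' "$4")
    printf '%s\n' "$r"
}

# Three equivalent ways to express the hop, oldest to newest.
NC_PROXY='ssh -qaxT firewall nc %h %p'     # the thread's form: needs nc on firewall
W_PROXY='ssh -qaxT -W %h:%p firewall'      # OpenSSH 5.4+: ssh relays the stream itself
JUMP_CMD='ssh -J firewall -L 5432:localhost:5432 dbserver'  # OpenSSH 7.3+: -J is shorthand for W_PROXY

# proxycommand_for_dbserver USER: the command the thread's one-liner runs on
# the local machine (dbserver's sshd is assumed to listen on the default 22).
proxycommand_for_dbserver() {
    expand_proxycommand "$NC_PROXY" dbserver 22 "$1"
}

# write_ssh_config FILE: the same setup as a ~/.ssh/config fragment, using
# the -W form so the firewall does not need netcat installed.
write_ssh_config() {
    cat > "$1" <<'EOF'
Host dbserver
    # Relay through firewall inside ssh; firewall only forwards bytes.
    ProxyCommand ssh -qaxT -W %h:%p firewall
    # Evaluated on dbserver: "localhost" is dbserver's loopback interface.
    LocalForward 5432 localhost:5432
EOF
}

# Demonstration. If OpenSSH 6.8+ is installed, "ssh -G" prints the resolved
# configuration for a host without connecting, so ssh's own view of the
# ProxyCommand can be compared with the expansion above.
echo "local side runs:  $(proxycommand_for_dbserver alice)"
echo "same hop with -W: $(expand_proxycommand "$W_PROXY" dbserver 22 alice)"
echo "same hop with -J: $JUMP_CMD"
cfg=${TMPDIR:-/tmp}/proxycmd_demo.$$
write_ssh_config "$cfg"
if command -v ssh >/dev/null 2>&1; then
    ssh -G -F "$cfg" dbserver 2>/dev/null | grep -i '^proxycommand' || echo "ssh -G not available"
else
    echo "ssh not installed; skipping the -G check"
fi
rm -f "$cfg"
```

The security difference between the two approaches in post #1 is the point to keep in mind: with two chained -L forwards, the firewall terminates the first SSH session and sees the database traffic in the clear; with ProxyCommand (nc, -W or -J), the firewall is only a byte relay and the session is encrypted and host-key-verified between the local machine and dbserver.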
Old 02-01-2010, 05:49 PM   #2
Try this page and search for Proxycommand
Old 02-02-2010, 09:27 AM   #3
Original Poster
Thanks, that was helpful.