Failed SSH tcp forwarding
I want to create a tunnel from my home computer to a Linux server over SSH, so that I can use the tunnel as a TCP forwarding proxy (SOCKS 5) to access the web via the Linux server.
But I get "Internet Explorer cannot display the webpage" on my home computer, and when I check /var/log/secure on the Linux server (Fedora), I find:
    sshd[17926]: error: connect to xx.xx.xx.xx port 80 failed: Permission denied
How can I solve this problem? Thanks in advance.
Can you post the steps you're using to create the tunnel?
I just use the SSH server included in Fedora ("service sshd start"). Then I use PuTTY or MyEnTunnel on the home computer. I can log in to the Fedora server via SSH with PuTTY, and I set up the tunnel in the PuTTY config. I also tried MyEnTunnel as the SSH client, and its log shows:
    [15:43:53 05/16] plink.exe: Sent password
    [15:43:53 05/16] plink.exe: Access granted
    [15:43:53 05/16] plink.exe: Local port 7070 SOCKS dynamic forwarding
    [15:44:00 05/16] Connection is stable
But when I use the browser via the proxy 127.0.0.1:7070, it doesn't work. When I check the log file on the Fedora server, I find:
    sshd[17926]: error: connect to xx.xx.xx.xx port 80 failed: Permission denied
Just a thought, but check in your sshd_config and make sure you don't have a line like the following:
Quote:
Quote:
    AllowAgentForwarding yes
    AllowTcpForwarding yes
    GatewayPorts yes
So I think I have already turned TCP forwarding on.
If you use SOCKS, this must be set up in the browser's network settings instead of specifying a port in the URL. Are you just forwarding port 7070 to a remote machine, or setting up SOCKS in PuTTY?
Quote:
As the server's log tells me:
    sshd[17926]: error: connect to xx.xx.xx.xx port 80 failed: Permission denied
I think that the request has been received by the server, but it can't open the destination web page for some reason and it can return the correct result to the client machine. But I don't know why the server can't open the remote web page and return it to the PuTTY proxy on the client machine.
Are you accessing a web server on the server machine itself, or an external one?
Quote:
A
Do you perchance have any sort of firewall, such as iptables, running on this system that would prevent outbound traffic? It wouldn't necessarily be port 80, but could be on a higher-order port.
Quote:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
Are all external servers blocked or just one particular one?
Quote:
I also notice you have a rule "ACCEPT all -- anywhere anywhere". Is this perchance on the loopback interface? If not, the other rules below it are nullified. If it is, one thing that occurred to me is that a SOCKS proxy works on a higher port, but the thing is that this is on the local machine, not the server. In other words, this shouldn't impact the ability to proxy via SSH. Again, the more I think about it, with your iptables policy set to ACCEPT, which is fine, you might want to temporarily flush all the rules and see if that is what's behind the difficulties.
Quote:
    Are all external servers blocked or just one particular one?
Yes, all external servers are blocked.
Quote:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
And then I did the same thing as before, and the log file still says:
    test1 sshd[22712]: error: connect to X.X.X.X port 80 failed: Permission denied
:(
Can you access the external website from the server machine itself, to rule out that the problem is on your side at all?
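The replies above walk through three checks by hand: the sshd_config forwarding directive, the iptables OUTPUT chain, and whether the server itself can reach the site. Below is an added POSIX sh helper that runs those checks (it is not code from any poster in this thread). Run without arguments it evaluates the thread's own sshd_config lines and iptables listing, embedded as constructed samples; run as root with `--live <host>` it inspects the real host. It adds one check the thread does not raise: on Fedora an enforcing SELinux policy that denies sshd's outbound connect also surfaces as exactly "connect to ... port 80 failed: Permission denied" in sshd's log. Assumed to be installed for live mode: awk, iptables, curl, getenforce and ausearch; `example.invalid` is a placeholder hostname.

```shell
#!/bin/sh
# Added troubleshooting helper for the thread above; not code from any poster.
# Assumptions: POSIX sh + awk; for --live mode, iptables (run as root), curl,
# and the SELinux tools getenforce/ausearch must be installed.
#
# Checks, in the order the replies raise them:
#   1. the sshd_config value that actually governs forwarding,
#   2. whether the iptables OUTPUT chain can stop sshd's outbound connect,
#   3. whether the server itself can reach the destination (last reply),
#   4. (not raised in the thread) SELinux, which on Fedora also produces
#      exactly "connect to ... failed: Permission denied" when it denies sshd.

# 1. sshd keeps the FIRST value it reads for a keyword; later Match blocks can
#    override it conditionally, so only the global section is evaluated here.
#    Reads sshd_config on stdin; prints the effective value ("yes" is sshd's default).
effective_allow_tcp_forwarding() {
    awk '
        NF < 2 || $1 ~ /^#/ { next }                       # blanks and comments
        tolower($1) == "match" { in_match = 1; next }      # global section ends here
        !in_match && tolower($1) == "allowtcpforwarding" && val == "" { val = tolower($2) }
        END { print (val == "" ? "yes" : val) }
    '
}

# 2. Reads "iptables -L" output on stdin and counts OUTPUT-chain entries that
#    block: a non-ACCEPT chain policy or any REJECT/DROP rule. 0 = not the cause.
blocking_output_entries() {
    awk '
        /^Chain / { chain = $2; if (chain == "OUTPUT" && $0 !~ /policy ACCEPT/) n++; next }
        chain == "OUTPUT" && ($1 == "REJECT" || $1 == "DROP") { n++ }
        END { print n + 0 }
    '
}

# 3. Can the server open the site itself? Prints the HTTP status, 000 on failure.
server_can_reach() {
    curl -s -o /dev/null --connect-timeout 5 -w '%{http_code}' "http://$1/"
}

# 4. SELinux mode plus the audit query that shows a denial recorded against sshd.
selinux_hint() {
    command -v getenforce >/dev/null 2>&1 || { echo "SELinux tools not installed"; return; }
    echo "SELinux mode: $(getenforce) (if Enforcing, run: ausearch -m avc -c sshd)"
}

# Constructed samples: the poster's sshd_config lines and original iptables
# listing from the thread, plus one invented OUTPUT chain that would block.
SAMPLE_SSHD_CONFIG='AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes'

SAMPLE_IPTABLES_THREAD='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

SAMPLE_IPTABLES_BLOCKING='Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited'

if [ "${1:-}" = "--live" ]; then
    # Real checks on this host; pass the site the browser could not reach as $2.
    HOST="${2:-example.invalid}"   # placeholder hostname
    echo "AllowTcpForwarding (global): $(effective_allow_tcp_forwarding < /etc/ssh/sshd_config)"
    echo "Blocking OUTPUT entries: $(iptables -L -n | blocking_output_entries)"
    echo "HTTP status from server to $HOST: $(server_can_reach "$HOST")"
    selinux_hint
else
    echo "Thread config   -> AllowTcpForwarding: $(printf '%s\n' "$SAMPLE_SSHD_CONFIG" | effective_allow_tcp_forwarding)"
    echo "Thread iptables -> blocking OUTPUT entries: $(printf '%s\n' "$SAMPLE_IPTABLES_THREAD" | blocking_output_entries)"
    echo "Blocking sample -> blocking OUTPUT entries: $(printf '%s\n' "$SAMPLE_IPTABLES_BLOCKING" | blocking_output_entries)"
fi
```

Run on the thread's own data, the script reports AllowTcpForwarding "yes" and zero blocking OUTPUT entries: the REJECT rules in the listing sit in INPUT and FORWARD, which sshd's outbound connect never traverses, so the firewall was already ruled out before the poster flushed it. That leaves the server-side reachability test and the SELinux check as the remaining places to look. Note that only the global value is reported; a later Match block in sshd_config can still turn forwarding off for a particular user or source address.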