LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Linux Mint, ssh, iptables (https://www.linuxquestions.org/questions/linux-security-4/linux-mint-ssh-iptables-4175509203/)

nerdofdarkness 06-25-2014 09:25 PM
Linux Mint, ssh, iptables
 
I have been searching through other threads on this forum related to ssh.

I have tried to apply the commands from earlier threads and I get syntax errors.

I am on Linux Mint; I am trying to connect to a server running Ubuntu Server.

I want to forward ports. I have a rough idea that this ought to be possible because I saw that other people got it to work on a thread at:

http://www.reddit.com/r/i2p/comments...outer/#chok15q

That thread recommends using ssh -L

Where the server's IP address is www.xxx.yyy.zzz, I have tried two versions of ssh:

A)

Code:
ssh -L 4444:127.0.0.1:4444 -L 4445:127.0.0.1:4445 -L 7567:127.0.0.1:7567 user@www.xxx.yyy.zzz
B)
Code:
ssh -R 4444:127.0.0.1:4444 -R 4445:127.0.0.1:4445 -R 7567:127.0.0.1:7567 user@www.xxx.yyy.zzz
The first command returned three copies of the same error:
Code:

bind: Cannot assign requested address
bind: Cannot assign requested address
bind: Cannot assign requested address
However, the first version of the command allowed the i2p logo to show up in the browser, although it did not render the entire page, so it seems that some information was getting through.

When I tried refreshing the page 127.0.0.1:4444 in IceCat, the Server prompt showed:
Code:
user@sa0311:~$ channel 4: open failed: connect failed: Connection refused
channel 4: open failed: connect failed: Connection refused
The second command, B, returned no errors, but did not allow any information to get through the proxy.

In both IceCat and the Mint Dashboard System Settings, I have the proxy enabled for both HTTP and SSH as 127.0.0.1:4444.

However, when I try to view that page in the browser, nothing loads. When I try to view www.xxx.yyy.zzz:4444 in a browser, I get the following error:

Code:
The proxy server is refusing connections
     
     
          IceCat is configured to use a proxy server that is refusing connections.
       
     

  Check the proxy settings to make sure that they are correct.
  Contact your network administrator to make sure the proxy server is
    working.
I suspect I ought to use iptables on both machines to make sure that 4444, 4445, and 7567 are open, but I don't really know what to do.

I tried:
Code:
sudo iptables -I INPUT 1 -i wlan0 -p tcp --tcp-flags SYN,RST,ACK SYN --dport 20000 -m conntrack --ctstate NEW -j ACCEPT

sudo iptables -I INPUT 1 -i wlan0 -p udp --dport 20000 -m conntrack --ctstate NEW -j ACCEPT

because those commands appeared at:
http://how-to.linuxcareer.com/i2p-an...for-the-masses

and they returned no errors on the server and the client but nothing changed.

Update:

Following an example at:

http://serverfault.com/questions/196...-ssh-tunneling

I added
Code:
AllowTcpForwarding yes
to the ssh_config on the remote server.

This changed the errors at login from:

Code:
channel 4: open failed: connect failed: Connection refused
channel 4: open failed: connect failed: Connection refused
channel 4: open failed: connect failed: Connection refused
to
Code:

bind: Cannot assign requested address
channel_setup_fwd_listener: cannot listen to port: 4444
bind: Cannot assign requested address
channel_setup_fwd_listener: cannot listen to port: 4445
bind: Cannot assign requested address
channel_setup_fwd_listener: cannot listen to port: 7567
Could not request local forwarding.
Update 2:

By modifying /etc/hosts to include

127.0.0.1 www.xxx.yyy.zzz

the i2p console seems to come up correctly.

The connections tend to time out, but that's probably because the bandwidth is not adequate.

sag47 06-29-2014 10:46 PM
Glad you got it. I was going to mention /etc/hosts entry but after reading your update you seem to have got it. I'm simply making this post to remove your question from the zero reply threads list.


All times are GMT -5. The time now is 07:59 AM.