SSH tunnel not accessible from different machine on same network
Hi everyone
I have an SSH tunnel set up between a local server and a remote postfix relay VPS. This is so we can route all our outgoing mail through this SSH tunnel to a private relay VPS; this seems to give us much more consistent mail delivery than using our ISP's relay.
So the SSH tunnel is set to route port 1025 on machine A to port 25 on the VPS. This part of it is working perfectly and has been for months.
However, today I wanted to set our e-mail newsletter software (on the same network as the SSH tunnel start-point) to send through the SSH tunnel. So I punched in the IP/port... 192.168.1.5:1025 but it doesn't work.
Is there something I need to do to allow connections from other machines on the LAN to access the start-point of the SSH tunnel? Or are SSH tunnels restricted to localhost connections only?
Cheers, B |
I'm a touch confused, so please correct me where I'm wrong. You've got port 1025 on Machine A connected to port 25 on the VPS and now you're trying to connect port 1025 on Machine B to port 25 on the VPS as well? If this is accurate, the problem is that port 25 on the VPS can only be forwarded to one machine at a time, so if the connection between A and the VPS is still active, you won't be able to connect B to the same port.
|
No, not quite.
I've got MachineA:1025 connected via SSH tunnel to VPS:25. Now I'm trying to connect from MachineB to MachineA:1025... which in theory should forward me to VPS:25. But it's not letting me connect.
When trying to telnet to 1025 I get... could not open connection to the host on port 1025, connection failed
MachineA and MachineB are in the same network... 192.168.1.x |
I've got no experience with this, but if this article is right, it should be do-able. What command are you using to try and establish the SSH tunnel from MachineB to MachineA? |
Yeah I did think that I should be able to do this.
I'm actually establishing the SSH tunnel using autossh, which I've used to keep SSH tunnels alive for years...
Code:
autossh -M 0 -f -L1025:127.0.0.1:25 -p 8712 -N -f root@VPS
Just checked and iptables firewall and SELinux are disabled on MachineA so there shouldn't be anything blocking it there.
EDIT: What's strange is that from MachineA if I run:
Code:
this works... |
I think it binds only to the localhost interface, unless you specify a bind address to the -L option or set in addition:
Code:
-oGatewayPorts=yes
|
Solved!!
I needed to add the -g switch to the ssh command. Autossh passes any extra switches through to the ssh command so now it works perfectly! So GatewayPorts was the answer. I could also have changed GatewayPorts = yes in ssh_config but I only want that option to apply to this one tunnel. Awesome, thanks all for the help! Especially Reuti, rep added! |
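Added example, not part of the original thread: a small shell check that reads `ss -ltn` output and reports whether the forwarded port is bound to loopback only (the default that blocked MachineB), to every interface (the effect of `-g` / `GatewayPorts=yes`), or to one address (the bind-address form of `-L` mentioned above). The function name and the sample lines are constructed for illustration; 192.168.1.5 is taken from the first post.

```shell
#!/bin/sh
# Classify how a forwarded port is bound, reading `ss -ltn` output on stdin.
# Prints one of: not-listening | loopback | specific:<addr> | all-interfaces
# forward_scope is a hypothetical helper name, not an ssh or autossh feature.
forward_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")        # field 4 is Local Address:Port
            if (parts[n] != port) next       # exact port match, so 25 does not match 1025
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") wide = 1
            else if (addr == "127.0.0.1" || addr == "[::1]") loop = 1
            else spec = addr
        }
        END {
            if (wide) print "all-interfaces"   # widest exposure wins
            else if (spec != "") print "specific:" spec
            else if (loop) print "loopback"
            else print "not-listening"
        }'
}

# Constructed sample listener lines for the three ways of starting the tunnel.
# ssh -L1025:127.0.0.1:25 ...              (default: loopback only)
SAMPLE_DEFAULT='LISTEN 0 128 127.0.0.1:1025 0.0.0.0:*
LISTEN 0 128 [::1]:1025 [::]:*'
# ssh -g -L1025:127.0.0.1:25 ...           (or -oGatewayPorts=yes)
SAMPLE_G='LISTEN 0 128 0.0.0.0:1025 0.0.0.0:*
LISTEN 0 128 [::]:1025 [::]:*'
# ssh -L 192.168.1.5:1025:127.0.0.1:25 ... (explicit bind address)
SAMPLE_BIND='LISTEN 0 128 192.168.1.5:1025 0.0.0.0:*'

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_G" "$SAMPLE_BIND"; do
    printf '%s\n' "$sample" | forward_scope 1025
done
# On a live host: ss -ltn | forward_scope 1025
```

With `-g` the listener accepts connections on every interface of MachineA, so the relay port on the VPS is reachable by any host that can reach MachineA; binding to the one LAN address keeps the listener off other interfaces.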