[SOLVED] SSH tunnel not accessible from different machine on same network

batfastad · 12-16-2010, 07:58 AM

Hi everyone

I have an SSH tunnel setup between a local server and a remote postfix relay VPS. This is so we can route all our outgoing mail through this SSH tunnel to a private relay VPS, this seems to give us much more consistent mail delivery than using our ISP's relay.

So the SSH tunnel is set to route port 1025 on machine A to port 25 on the VPS
This part of it is working perfectly and has been for months.

However today I wanted to set our e-mail newsletter software (on the same network as the SSH tunnel start-point) to send through the SSH tunnel.
So I punched in the IP/port... 192.168.1.5:1025 but it doesn't work.

Is there something I need to do to allow connections from other machines on the LAN to access the start-point of the SSH tunnel?

Or are SSH tunnels restricted to localhost connections only?

Cheers, B

Hangdog42 · 12-16-2010, 11:52 AM

I'm a touch confused, so please correct me where I'm wrong. You've got port 1025 on Machine A connected to port 25 on the VPS and now you're trying to connect port 1025 on Machine B to port 25 on the VPS as well? If this is accurate, the problem is that port 25 on the VPS can only be forwarded to one machine at a time, so if the connection between A and the VPS is still active, you won't be able to connect B to the same port.

batfastad · 12-16-2010, 12:09 PM

No not quite

I've got MachineA:1025 connected via SSH tunnel to VPS:25
Now I'm trying to connect from MachineB to MachineA:1025... which in theory should forward me to VPS:25
But it's not letting me connect.

When trying to telnet to 1025 I get... could not open connection to the host on port 1025, connection failed

MachineA and MachineB are in the same network... 192.168.1.x

Hangdog42 · 12-16-2010, 01:59 PM

Quote:

I've got MachineA:1025 connected via SSH tunnel to VPS:25
Now I'm trying to connect from MachineB to MachineA:1025... which in theory should forward me to VPS:25

I've got no experience with this, but if this article is right, it should be do-able. What command are you using to try and establish the SSH tunnel from MachineB to MachineA?

batfastad · 12-16-2010, 04:07 PM

Yeah I did think that I should be able to do this.

I'm actually establishing the SSH tunnel using autossh, which I've used to keep SSH tunnels alive for years...

Code:

autossh -M 0 -f -L1025:127.0.0.1:25 -p 8712 -N -f root@VPS
which I believe translates to an SSH command of...
ssh -L1025:127.0.0.1:25 -p 8712 -N root@VPS

Port 8712 is the SSH port of the remote server, rather than the default 22.

Just checked and iptables firewall and SELinux are disabled on MachineA so there shouldn't be anything blocking it there.

EDIT: What's strange is that from MachineA if I run:

Code:

this works...
telnet localhost 1025

this doesn't, connection refused...
telnet 192.168.1.5 1025

Any ideas?

Reuti · 12-17-2010, 04:45 AM

I think it binds only to the localhost interface, unless you specify a bind address to the -L option or set in addition:

Code:

-oGatewayPorts=yes

to use all interfaces.

batfastad · 12-17-2010, 07:23 AM

Solved!!
I needed to add the -g switch to the ssh command.
Autossh passes any extra switches through to the ssh command so now it works perfectly!

So GatewayPorts was the answer.
I could also have changed GatewayPorts = yes in ssh_config but I only want that option to apply to this one tunnel.

Awesome, thanks all for the help! Especially Reuti, rep added!