LinuxQuestions.org
Old 11-17-2011, 06:26 PM   #1
Consystor
LQ Newbie
 
Registered: Jul 2003
Location: Germany (BW)
Posts: 23

Rep: Reputation: 0
Accessing an SSH tunnel port which is created on another system


Hello together!

I've a server with
- a service port 2000 behind a firewall and
- an SSH service.

I've a mediator which can access the server via ssh.
So I can create a tunnel on the mediator:
user@mediator$ ssh -L 4000:localhost:2000 server

Now on the mediator I can connect to the port 4000 which is forwarded to server:2000 .

But the port 4000 of mediator isn't usable for other clients outside the system. Is it possible to change it so that the port will be connectable by other clients, too? I mean like this:
user@client$ application mediator:4000

Many thanks for any help!

Regards
 
Old 11-17-2011, 09:29 PM   #2
cargofiend
LQ Newbie
 
Registered: Nov 2011
Posts: 4

Rep: Reputation: Disabled
Wouldn't this work:

user@client$ ssh -f -L 4000:server:2000 mediator -N

then access the localhost:4000 with your app

http://www.revsys.com/writings/quick...sh-tunnel.html
 
Old 11-17-2011, 10:10 PM   #3
Consystor
LQ Newbie
 
Registered: Jul 2003
Location: Germany (BW)
Posts: 23

Original Poster
Rep: Reputation: 0
Your command
user@client$ ssh -f -L 4000:server:2000 mediator -N
wouldn't work because mediator can't access port 2000 of server directly (2000 is behind a firewall). It can only access port 22 of server and open an SSH tunnel to 2000.

But thanks for your help!

BTW:
The configuration is that mediator has no SSH server.
Otherwise the problem could be solved like this:

user@mediator$ ssh -L 4000:localhost:2000 server
user@client$ ssh -L 6000:localhost:4000 mediator
user@client$ application localhost 6000

(I write 2000, 4000, 6000 to see better which port number belongs to which other one).

Last edited by Consystor; 11-17-2011 at 10:12 PM.
 
Old 11-17-2011, 10:42 PM   #4
tollingalong
Member
 
Registered: Nov 2011
Posts: 42

Rep: Reputation: Disabled
The configuration is that mediator has no SSH server.

That would be a problem. You need SSH server running in order to accomplish this to the best of my knowledge.
If no one can SSH into your mediator then they cannot ssh tunnel.
 
Old 11-17-2011, 11:01 PM   #5
Consystor
LQ Newbie
 
Registered: Jul 2003
Location: Germany (BW)
Posts: 23

Original Poster
Rep: Reputation: 0
Hmm...
The question is if you can set ssh in such a way that clients from "outside" can access a port which is the "entering" port of an SSH tunnel.

In other words my overall question is:
If you open an SSH tunnel
user@mediator$ ssh -L <portm>:<host>:<porth> <server>
then _local_ clients on mediator can connect to <portm>.

But is there a possibility to make <portm> of mediator connectable for _remote_ clients, too?
 
Old 11-18-2011, 12:38 AM   #6
tollingalong
Member
 
Registered: Nov 2011
Posts: 42

Rep: Reputation: Disabled
client => mediator =>FW=> server

If I understand this properly.
1) You have access to get from the mediator to the server behind the firewall.
2) Clients are unable to SSH into mediator but you'd like them to ride a tunnel on some port; somehow.

If that's the case then to the best of my knowledge that cannot be done.
 
Old 11-18-2011, 03:52 AM   #7
Consystor
LQ Newbie
 
Registered: Jul 2003
Location: Germany (BW)
Posts: 23

Original Poster
Rep: Reputation: 0
@tollingalong
I think you understood it 100% right.
But I don't know how you mean "cannot be done".
Maybe you mean "cannot be done with the ssh client".

Statement:
I think technically in general it can be done.

Argumentation:
Because if mediator would have SSH, this would be possible - I've tested it:
user@mediator$ ssh -L 4000:localhost:2000 server
user@client$ ssh -L 6000:localhost:4000 mediator
user@client$ application localhost 6000

Implication:
So technically I see no limit to write a software which
1) would run on mediator
2) would map the only locally accessible port 4000 to a very normal also remotely accessible port 6000 which could be accessed by client


But maybe you mean that you don't know any software which could do that.
Maybe you're right. I also don't know anyone - hence I asked here.
Thanks for your help!

Maybe someone else has an idea?

Last edited by Consystor; 11-18-2011 at 04:29 AM.
 
Old 11-18-2011, 05:51 AM   #8
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260
Is there any firewall on mediator too, which blocks port 4000? Others should be able to use it. If it’s only available locally, you can check the setting GatewayPorts and set it to yes, so it will be available remotely.
 
1 members found this post helpful.
Old 11-18-2011, 06:10 AM   #9
Consystor
LQ Newbie
 
Registered: Jul 2003
Location: Germany (BW)
Posts: 23

Original Poster
Rep: Reputation: 0

Hello Reuti!

The mediator has no firewall on 6000 (I think you meant 6000 because 4000 isn't used on the mediator).

So
GatewayPorts yes
in my
/etc/ssh/ssh_config
is exactly what I need.

Best regards and Many Thanks for your help!

Last edited by Consystor; 11-18-2011 at 06:12 AM.
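
An added example, not part of any post in the thread: with `GatewayPorts yes` the forwarded port on mediator accepts connections from every host that can reach it, so this script audits `ss -ltnp`-style output for ssh client listeners bound off loopback. The `ss` lines, PIDs and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# How the forward on mediator can be bound (ports as used in the thread;
# 192.0.2.10 is an assumed address of one mediator interface):
#   ssh -L 4000:localhost:2000 server                      loopback only (default)
#   ssh -o GatewayPorts=yes -L 4000:localhost:2000 server  every interface
#   ssh -L 192.0.2.10:4000:localhost:2000 server           one interface only

# Read `ss -ltnp`-style lines on stdin and print "<addr:port> <scope>" for
# each listening socket owned by an ssh client that other hosts can reach.
# Loopback binds are skipped because only local processes can connect to them.
exposed_ssh_forwards() {
    awk '
        $1 == "LISTEN" && $0 ~ /users:\(\("ssh"/ {
            a = $4                                  # Local Address:Port column
            if (a ~ /^127\./ || a ~ /^\[::1\]:/) next
            scope = (a ~ /^(0\.0\.0\.0|\*|\[::\]):/) ? "wildcard" : "single-address"
            print a, scope
        }'
}

# Constructed sample of `ss -H -ltnp` output on mediator (not real data).
SAMPLE_SS='LISTEN 0 128 127.0.0.1:4000 0.0.0.0:* users:(("ssh",pid=2101,fd=5))
LISTEN 0 128 [::1]:4000 [::]:* users:(("ssh",pid=2101,fd=4))
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:* users:(("ssh",pid=2177,fd=5))
LISTEN 0 128 192.0.2.10:7000 0.0.0.0:* users:(("ssh",pid=2203,fd=4))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=801,fd=6))'

# Stand-alone run: list the forwards in the sample that remote hosts can reach.
printf '%s\n' "$SAMPLE_SS" | exposed_ssh_forwards
```

On a live host, pipe `ss -H -ltnp` into the function; run it as root so the process column is filled in for sockets owned by other users. Any wildcard entry it reports should be covered by a firewall rule limiting which clients may connect, or rebound to a single address.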
 
  

