A little question to an SSH guru (port forwarding)
I have the following setup:
serverA - internet - serverB - serverC

I do on serverA:

ssh -L10000:serverC:10000 serverB

This will connect localhost:10000 of serverA to serverC:10000. Since the connection is made to localhost, it can only be used locally, on serverA itself (so far as I know).

Is there a way to establish the connection in a way that any machine close to serverA can make use of it? i.e. to connect serverA:10000 to serverC:10000, so that any client (even if not having ssh) connecting to serverA:10000 would actually connect to serverC:10000?
If I understand what you want to do - you need to edit sshd_config and set "GatewayPorts" to yes.

Thanks, it seems to be just what I need.
I wonder, however, how exactly this works on internet gateways. I mean: does it forward port lo:10000, iif:10000, oif:10000, or all? (You might have found out: I would prefer oif:10000 not being forwarded.) Also, is it possible to allow GatewayPorts on a per-forwarding basis, i.e. GatewayPorts should not be enabled for all port forwarding, only for specific ones?

As far as I know it needs to be on for all ports unless you run 2 sshd servers on different ports each with a different config. I also don't think there is a way to only bind to one interface so you'll need to use iptables to stop connections to the external interface.
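
One way to check the question raised above (which addresses the forwarded port actually listens on) is to classify the listeners reported by `ss -tln` on serverA. This is an added example, not part of the original posts; the function name `forward_exposure`, the internal address 192.168.1.1, the extra ports 10001 and 10002, and the sample output are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a forwarded port is bound, so an unwanted
# listener on the external interface is noticed before a client finds it.

# Constructed sample standing in for `ss -Htln` output on serverA.
# 10000: wildcard bind, as seen when gateway ports are enabled.
# 10001: default loopback-only forward.
# 10002: forward started with an explicit bind address, e.g.
#        ssh -L 192.168.1.1:10002:serverC:10000 serverB   (address assumed)
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:10001 0.0.0.0:*
LISTEN 0 128 192.168.1.1:10002 0.0.0.0:*
LISTEN 0 128 [::]:10000 [::]:*'

# forward_exposure PORT INTERNAL_ADDR   (reads ss-style lines on stdin)
# Prints "<address> <verdict>" for every listener on PORT.
forward_exposure() {
    awk -v port="$1" -v internal="$2" '
    $1 == "LISTEN" {
        la = $4                          # Local Address:Port column
        n = match(la, /:[0-9]+$/)        # last colon splits address and port
        if (!n) next
        addr = substr(la, 1, n - 1)
        if (substr(la, n + 1) != port) next
        gsub(/^\[|\]$/, "", addr)        # strip IPv6 brackets
        if (addr == "127.0.0.1" || addr == "::1")
            verdict = "loopback-only"
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            verdict = "ALL-INTERFACES"   # reachable on the external side too
        else if (addr == internal)
            verdict = "internal-only"
        else
            verdict = "OTHER-ADDRESS"
        print addr, verdict
    }'
}

# Stand-alone run against the constructed sample:
printf '%s\n' "$SAMPLE_SS" | forward_exposure 10000 192.168.1.1
```

On a live host, pipe `ss -Htln` into the function instead of the sample; any `ALL-INTERFACES` line for the forwarded port means the external interface needs the firewall rule mentioned above.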