Re: Two-hops SSH tunnelling



Try using this script:
http://lanning.cc/ssh-multihop-tunnel

There is an echo at the end, that you can uncomment to see the command
line it builds.

On 5/23/06, Loris Serena <lserena@xxxxxxxxx> wrote:
Guys,

I managed to get the following working:

----------------------------------------------------------------------------------------------------
A firewall between SERVER and CLIENT only allows TCP port 22 from
SERVER to CLIENT (but not vice versa!)

SERVER -------22------> CLIENT

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from CLIENT to SERVER:

SERVER <-----1984------ CLIENT
------------------------------------------------------------------------------------------------------

by running (on SERVER):
$ ssh -f -N -R 1984:SERVER:1984 CLIENT


Now I'd like to add the next (and last) bit of the configuration to the
picture:

There is another firewall between CLIENT and GOOFY, again only allowing
TCP port 22 from CLIENT to GOOFY (and NOT vice versa!):

SERVER -------22------> CLIENT -------22-------> GOOFY

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from GOOFY to SERVER (through CLIENT):

SERVER <-----1984----- CLIENT
SERVER <----------------(CLIENT)----------1984------ GOOFY

Please note that:
a. the remote forwarding of 1984 from CLIENT to SERVER is already working;
b. there is no native process on CLIENT listening on port 1984.

I ran `ssh -f -N -R 1984:127.0.0.1:1984 GOOFY` on CLIENT,

but testing that with telnet from GOOFY, it failed as follows:

[GOOFY]$ telnet localhost 1984
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused


So, how do I do that?
Any security issues I should be aware of?


Thanks in advance

Ciccio



--
And, did Guloka think the Ulus were too ugly to save?
-Centauri
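
On the security question in the message above: each -R listener on CLIENT and GOOFY is opened by that host's sshd, and the sshd_config keywords AllowTcpForwarding and GatewayPorts decide whether it is opened at all and on which address. The following is an added example, not part of the original messages or of the linked script; the function names and the sample configuration are constructed for illustration, and Match blocks and the Keyword=value spelling are assumed not to be in use.

```shell
#!/bin/sh
# Report how an sshd_config treats "ssh -R" (remote forward) listeners.
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive. Only global settings are read (assumption).

# effective KEYWORD DEFAULT  (config on stdin): first value found, else DEFAULT
effective() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# audit_remote_forward CONFIG_TEXT: one-line verdict for -R listeners
audit_remote_forward() {
    cfg=$1
    fwd=$(printf '%s\n' "$cfg" | effective AllowTcpForwarding yes)
    gw=$(printf '%s\n' "$cfg" | effective GatewayPorts no)
    case $fwd in
        no|local) echo "refused: sshd will not open -R listeners"; return ;;
    esac
    case $gw in
        no)  echo "loopback-only: -R listeners bind to localhost" ;;
        yes) echo "exposed: -R listeners bind to all interfaces" ;;
        clientspecified) echo "client-chosen: the ssh client picks the bind address" ;;
        *)   echo "unknown GatewayPorts value: $gw" ;;
    esac
}

# Constructed sample sshd_config for the GOOFY hop (not from the original post).
SAMPLE_GOOFY='# constructed sample
Port 22
allowtcpforwarding remote
GatewayPorts yes
GatewayPorts no'

audit_remote_forward "$SAMPLE_GOOFY"
```

On a live host the same function can be fed the running configuration with audit_remote_forward "$(sshd -T)", which needs root.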


