Starting SSH tunnel using Xinetd

From: Paul Herbosch (paul_at_hypervision.be)
Date: 07/17/03

    Date: 17 Jul 2003 02:12:22 -0700
    
    

    Hi,

    My company has an external webserver housed somewhere.
    I managed to set up some ssh tunnels to specific ports. MySQL on port 3306
    for example. Running the following command on my linuxbox:

    ssh -g -T -N -x -L3306:webserver:3306 someuser@webserver

    works great. Now, everybody in the company can connect to my linuxbox on
    port 3306 and gets fwded to the webserver in a secure way.

    The only problem is that I have to open and close the tunnel by hand, so I
    made a small config file in /etc/xinetd.d called mysql-tunnel:

    ============
    service mysql
    {
        disable     = no
        socket_type = stream
        protocol    = tcp
        wait        = yes
        user        = sshunnel
        server      = /home/someuser/mysql_tunnel.sh
        port        = 3306
    }
    ============

    and made sure "mysql 3306/tcp" was present in /etc/services.
    I put the above-mentioned ssh command in a small script called
    /home/someuser/mysql_tunnel.sh, made it executable and restarted xinetd.
    Now, all tunnels are closed. I initiate a connection on port 3306 from
    another pc to my linuxbox and nothing happens. The connection times out.

    BUT:

    If I run "ps aux" it tells me that an ssh tunnel is running fine.
    I check /var/log/secure and see that xinetd started the mysql-tunnel, but it
    hasn't got a from address:

    Jul 17 10:19:43 mylinuxbox xinetd[5422]: START: mysql pid=5425 from=<no address>

    Now, if I change the "wait" parameter in /etc/xinetd.d/mysql-tunnel from
    "yes" to "no", xinetd sees the from address:

    Jul 17 10:46:58 mylinuxbox xinetd[5520]: START: mysql pid=5523 from=01.02.03.04 (my ipaddress)

    And my MySQL interface doesn't time out, but throws an error.

    I tried changing nearly every parameter in the /etc/xinetd.d/mysql-tunnel
    file, but I can't seem to find a solution.
    I know this is probably an xinetd-related problem, but I can't find a
    newsgroup ...
    Any help would be greatly appreciated.

    Thx, Paul
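
The socket behaviour behind the two log lines in the post, as an added example that is not part of the original message: with `wait = yes` the launched server inherits the listening socket (no peer address), with `wait = no` it inherits an accepted connection, and in both cases a second listener on the same port cannot be opened. The loopback sockets are constructed stand-ins for xinetd and for the script's `ssh -L`, and all function names are hypothetical.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed test address; nothing leaves this host

def xinetd_listener():
    """Stand-in for xinetd binding the service port (ephemeral port, not 3306)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))
    s.listen(5)
    return s

def peer_of(sock):
    """Remote address of the socket a server inherits as stdin, or None."""
    try:
        return sock.getpeername()
    except OSError:
        return None  # a listening socket has no peer to report

def second_bind_blocked(port):
    """Model of the script's ssh -L opening its own listener on the same port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((LOOPBACK, port))
        s.listen(1)
        return False
    except OSError as exc:
        return exc.errno == errno.EADDRINUSE
    finally:
        s.close()

def demo():
    listener = xinetd_listener()
    port = listener.getsockname()[1]
    client = socket.create_connection((LOOPBACK, port))
    try:
        # wait = yes: the server is handed the listening socket itself.
        wait_yes_peer = peer_of(listener)
        # wait = no: xinetd accepts first and hands over the connection.
        conn, _ = listener.accept()
        wait_no_peer = peer_of(conn)
        conn.close()
        return {"wait_yes_peer": wait_yes_peer, "wait_no_peer": wait_no_peer,
                "client_addr": client.getsockname(),
                "second_bind_blocked": second_bind_blocked(port)}
    finally:
        client.close()
        listener.close()

if __name__ == "__main__":
    print(demo())
```

In both modes the port stays bound by the process that started the server, so a program launched this way has to use the socket on its stdin rather than open a new listener on the same port.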

