Re: Need help installing SSH tunnel

From: Richard E. Silverman (res_at_qoxp.net)
Date: 07/26/03

    Date: 26 Jul 2003 00:21:30 -0400
    
    

    >
    > > channel 3: open failed: connect failed: Connection refused

    > This could be a problem with the firewall or /etc/hosts.allow on the server.

    Perhaps with the firewall; not with libwrap. If it were libwrap, the
    connection would be accepted, then immediately closed again; you would not
    see "connection refused."

    > Do both of these permit all connections from localhost? In my
    > /etc/hosts.allow, I have
    >
    > # localhost
    > ALL : 127.
    > ALL : xx.xx.xx.xx
    >
    > where xx.xx.xx.xx is the external IP address (on eth0) of the server. This
    > permits all connections from localhost there. Yes, I know the second
    > condition seems strange, because tunneled connections should come over the
    > loopback interface, on 127.0.0.1.

    You're confusing interfaces and addresses. Libwrap does not test which
    interface a connection arrives on; it looks at the source address.
    Suppose you have a host foo, with two interfaces:

       lo0 : 127.0.0.1 (loopback)
      eth0 : 10.1.1.1

    Assume name "foo" resolves to 10.1.1.1, and consider the TCP connections
    created by the following:

      foo% telnet localhost ...

      foo% telnet foo ...

    Both connections flow over the loopback interface, but the source address
    of the first will be 127.0.0.1, while that of the second will be
    10.1.1.1 (following the usual rules for selecting source addresses when
    the application does not specify them).

    > I don't understand this either, but until I added it, I also got refused
    > connections.

    You would have gotten accepted but then closed connections, a slightly
    different symptom from what the OP is seeing.

    -- 
      Richard Silverman
      res@qoxp.net
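
Added example, not part of the original message: a small Python sketch of the two symptoms distinguished above, "connection refused" versus a connection that is accepted and then closed by a check on the source address. The function names, the simplified hosts.allow-style matcher (real libwrap supports more pattern forms) and the loopback-only setup are assumptions for illustration.

```python
import socket
import threading

def source_allowed(addr, patterns):
    """Simplified hosts.allow-style match on the peer's SOURCE ADDRESS:
    a pattern ending in '.' is a prefix ("127."), otherwise an exact match.
    The interface the connection arrived on is never consulted."""
    return any(addr.startswith(p) if p.endswith(".") else addr == p
               for p in patterns)

def start_wrapped_listener(patterns):
    """Listen on an ephemeral loopback port. The kernel completes the TCP
    handshake first; only afterwards does the daemon check the source
    address, so a denied peer sees the connection open and then close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, (peer_addr, _peer_port) = srv.accept()
            with conn:
                if source_allowed(peer_addr, patterns):
                    conn.sendall(b"hello\n")
                # denied: fall through and close without sending anything

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def unused_port():
    """Return a loopback port with nothing listening (bind, then release)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def probe(port, host="127.0.0.1"):
    """Classify what a client observes when connecting to host:port."""
    try:
        c = socket.create_connection((host, port), timeout=2)
    except ConnectionRefusedError:
        return "refused"  # no listener, or a firewall rejecting with a reset
    with c:
        try:
            data = c.recv(64)
        except ConnectionResetError:
            data = b""
    return "served" if data else "accepted-then-closed"
```

A listener whose only pattern is 10.1.1.1 closes a client connecting from 127.0.0.1 even though both addresses are reached over loopback, which is the interface-versus-address distinction the message draws.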
    
