ssh reverse forwarding - help

From: SG (sg_at_sg.com)
Date: 02/26/04

• Next message: Steve Turner: "Re: Proposed enhancement to scp"
• Previous message: Jared: "Re: ssh 2 tunnel to named pipe not working - please help"
• Next in thread: Richard E. Silverman: "Re: ssh reverse forwarding - help"
• Reply: Richard E. Silverman: "Re: ssh reverse forwarding - help"
• Reply: steve: "Re: ssh reverse forwarding - help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 26 Feb 2004 18:16:59 GMT

I can't seem to find the missing link, but feel sooo close. My scenario is,
I would like remote users to be able to connect to an SSH server behind
firewall and in a DMZ with a reverse forwarding tunnel configured such that
I can connect to the SSH server from the INSIDE and have it forward the
connection to their machine. That way I can connect via VNC viewer or RDP to
the client machine with some sort of "secure" mechanism. I have successfully
tested reverse forwarding from the Server to Client, but cannot do so with a
third machine.

Client A --------> SSH server (ssh -R 9000:clientpc_ip:5900 "ssh server
ip")

How do I get Client B to connect to SSH server on port 9000 and have it
forward to client_pc port 5900???
I can locally forward from Client A through SSH server to Client B or any
other host/port till I'm blue in the face, but what am I missing going the
other way? I thought reverse forwarding could be done the exact same way
local forwarding works. Do I need to establish two connections, i.e. client
A to SSH and client B to SSH, for this to work? If so, why don't I have to
do the same for local forwarding and could this be accomplished with one
client connection, i.e. client A --> SSH server, and then use IPTables to
forward traffic on specific ports to the ports in the SSH tunnel? any help
is greatly appreciated. Thanks.

SG

---

• Next message: Steve Turner: "Re: Proposed enhancement to scp"
• Previous message: Jared: "Re: ssh 2 tunnel to named pipe not working - please help"
• Next in thread: Richard E. Silverman: "Re: ssh reverse forwarding - help"
• Reply: Richard E. Silverman: "Re: ssh reverse forwarding - help"
• Reply: steve: "Re: ssh reverse forwarding - help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: SSH Tunneling ... Can you explain what you mean by if your client can accept both ways? ... The problem is when I try to connect to the localhost on port ... >> the address of the ssh server and port 3389 and it work? ... (comp.security.ssh) Re: ssh reverse forwarding - help ... > I would like remote users to be able to connect to an SSH server behind ... > tested reverse forwarding from the Server to Client, but cannot do so with a ... > How do I get Client B to connect to SSH server on port 9000 and have it ... (comp.security.ssh) Re: How to change telnet service under ssh ... Look into port forwarding in e.g. ssh. ... ssh server machine). ... but my client is hard coding to connect to ssh port. ... (comp.unix.admin) Re: Using port 143 ... SSH normally uses port 22. ... Simply configure your SSH server and client to ... Putty can do that. ... (comp.security.ssh) Re: thin client com ports ... I'm glad that you got at least one more client working! ... MCSE, CCEA, Microsoft MVP - Terminal Server ... the COM port settings? ... I am testing several thin clients. ... (microsoft.public.windows.terminal_services)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)