Re: channel 3: open failed: connect failed: Connection refused



In article <m2abp0okcz.fsf@xxxxxxxxxxxxxxxxx> blueman
<NOSPAM@xxxxxxxxxx> writes:

> OK. Well, let me explain what I am doing in more detail and maybe
> someone can explain what is going wrong.
>
> I am trying to tunnel smb (cifs) over ssh by redirecting port 445 over
> a non-privileged port on both ends. On the client end, the command
> mount.cifs allows you to specify an arbitrary port and on the server
> end I am using iptables to route from the ssh-forwarded non-privileged
> port back to port 445 where smbd (the samba server) listens.
>
> Specifically,
> 1. On the ssh and smb server I am using the "PREROUTING" iptable to
> re-route incoming traffic from a non-privileged port (say 1445) to
> 445, using the following rule:
>
> -A PREROUTING -p tcp --dport 1445 -j DNAT --to 127.0.0.1:445
>
> (My intention is that this should effectively "trick" the smbd
> server that it is listening in also on port 1445)

Well, this is straying from the subject of this group, but try the
OUTPUT table instead. PREROUTING is for packets arriving from the
"outside" to the host, and while your packets sort-of are, iptables
knows nothing about that - as far as it can determine (and technically
correct), they are locally originated by the sshd process.

However, there's no point to this iptables thing - just do the ssh
forwarding as -L1445:127.0.0.1:445 instead. You don't need privileges to
connect to a "privileged" port, only to listen on it.

--Per Hedeland
per@xxxxxxxxxxxx
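
Added illustration, not part of the original post: a minimal loopback TCP forwarder in Python standing in for sshd's handling of a `-L` forward. It shows that the service's peer is a socket the forwarder opened locally on 127.0.0.1, which is the reason given above for a PREROUTING rule never matching. Ephemeral ports stand in for 1445 and 445, and all function names are made up for this sketch.

```python
import socket
import threading

def relay(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone

def forward_once(listener, target, log):
    """Accept one client, then open a NEW local connection to target."""
    client, _ = listener.accept()
    with client, socket.create_connection(target) as upstream:
        log["upstream"] = upstream.getsockname()  # forwarder's own source address
        back = threading.Thread(target=relay, args=(upstream, client))
        back.start()
        relay(client, upstream)
        back.join()

def demo():
    """Return (peer seen by the service, forwarder's source address, reply)."""
    service = socket.create_server(("127.0.0.1", 0))   # stand-in for smbd on 445
    listener = socket.create_server(("127.0.0.1", 0))  # stand-in for forwarded port 1445
    log = {}

    def serve():
        conn, log["peer"] = service.accept()
        with conn:
            conn.sendall(b"hello from service\n")

    workers = [
        threading.Thread(target=serve),
        threading.Thread(target=forward_once,
                         args=(listener, service.getsockname(), log)),
    ]
    for w in workers:
        w.start()
    with socket.create_connection(listener.getsockname()) as c:
        reply = b"".join(iter(lambda: c.recv(4096), b""))  # read until EOF
    for w in workers:
        w.join()
    service.close()
    listener.close()
    return log["peer"], log["upstream"], reply

if __name__ == "__main__":
    print(demo())
```
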