ssh tunnel problems

Rick Bilonick rab at nauticom.net
Tue Jun 24 04:27:45 UTC 2008


On Mon, 2008-06-23 at 14:10 -0700, Mike wrote:
> On Mon, 23 Jun 2008, Rick Bilonick wrote:
> 
> >
> > On Mon, 2008-06-23 at 13:06 -0400, Rick Bilonick wrote:
> >> How do you explain that this works fine when going from my home computer
> >> to an account on my ISP's computer? I followed an example posted on the
> >> web (which DID have one mistake in using "localhost" which I corrected -
> >> but the other use of "localhost" is AFAIK correct). In order to do a
> >> reverse tunnel, don't you have to point to localhost in order to use the
> >> forwarded port?
> >>
> >> I don't see this as confusing:
> >>
> >> (on my.work.server which is behind a firewall that blocks incoming ssh
> >> but not outgoing ssh)
> >>
> >>> ssh -R 2022:my.work.server:22 me@home.computer
> >>
> >> where "my.work.server" is the IP address for my.work.server and
> >> "home.computer" is the IP address for my home.computer. This sets up the
> >> port forwarding for a reverse tunnel (that's the -R option). If on
> >> home.computer I do:
> >>
> >>> netstat -an | grep 2022
> >>
> >> it shows that home.computer is listening to port 2022.
> >>
> >> Then, to use the reverse tunnel (again on home.computer):
> >>
> >>> ssh -p 2022 accnt@localhost
> >>
> >> where "accnt" is the user account on my.work.server and I use the
> >> password for accnt on my.work.server. This should allow me then to go
> >> through the ssh tunnel in the reverse direction (getting through the
> >> firewall that is blocking the use of incoming ssh from the home computer
> >> to the my.work.server).
> >>
> >> Even after removing everything in hosts.allow on my.work.server, I still
> >> can't connect.
> >>
> >> This SAME set up works fine if I set up the tunnel from my home computer
> >> to my account on my ISP's server. And yes I'm using "localhost" similar
> >> to what I show above. And I've tried it from my.work.server to my
> >> account on my ISP but have the same problem so the problem is something
> >> on my.work.server.
> >>
> >> Is it possible for the firewall to block a reverse tunnel (without
> >> blocking outgoing ssh)?
> >>
> >> Rick B.
> >>
> >
> > One more thing. I just tried this on another Fedora 8 computer hooked to
> > a different network (at the same organization) that has a firewall
> > blocking incoming ssh. I followed the same strategy as outlined above
> > and it works like a charm. So this procedure DOES work as I've outlined
> > it above IN PRINCIPLE. For some reason, it doesn't work on the other
> > server.
> >
> > Rick B.
> >
> 
> I haven't followed this thread closely but...  On the server that does not 
> work do you know if the line "AllowTcpForwarding yes" is present in 
> /etc/ssh/sshd_config ?
> 
> --Mike
> 

I checked and it was set to "no" but commented. I set it to yes and
un-commented it, restarted the network, but still same error message. I
will have more time tomorrow to redo and include -v, etc.

I'm also planning on setting up my Fedora 8 laptop to replace the server
temporarily to try creating the tunnel on the network. I was able to get
the laptop to work on another network. At least this might let me know
that it's the server configuration that is the problem.

Rick B.
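
Added example (not part of the original messages): a shell function that reports which value of a keyword such as AllowTcpForwarding is actually in force in the global section of an sshd_config file, given that commented lines are ignored and the first uncommented occurrence wins. The function name, the sample file contents and the built-in default passed as the third argument are assumptions made for this illustration; only whitespace-separated "Keyword value" lines are handled.

```shell
#!/bin/sh
# Added example: report the value sshd would use for one keyword in the
# global section of an sshd_config-style file.
# Rules modelled: '#' lines are ignored, keywords are case-insensitive,
# the first uncommented occurrence wins, and the global section ends at
# the first Match block.

effective_sshd_option() {
    # $1 = keyword, $2 = config file, $3 = built-in default if unset
    awk -v want="$1" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt; src = "default" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # strip leading whitespace
            if (line == "" || line ~ /^#/) next # blank or commented: no effect
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit            # conditional overrides start here
            if (key == want && n >= 2) { val = f[2]; src = "line " NR; exit }
        }
        END { print val " (" src ")" }
    ' "$2"
}

# Constructed sample mirroring the thread: the only global
# AllowTcpForwarding line is commented out, so the default applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
#AllowTcpForwarding no
PermitRootLogin no
Match User guest
    AllowTcpForwarding no
EOF
effective_sshd_option AllowTcpForwarding "$sample" yes
rm -f "$sample"
```

sshd reads its configuration when it starts or reloads, so an edited value applies only after the sshd service itself is reloaded. For the `ssh -R` command in the thread, the daemon asked to open port 2022 is the sshd on home.computer.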



