Sorry that I did not make this clear. Here is what I am trying to do. I have a DB server behind an OpenBSD firewall that we control. I have a non-routable network behind it that connects outbound doing NAT, and inbound using port forwarding. I have this working so that machines on the corporate network can connect to it by connecting to the appropriate port on the firewall.
We have a corporate VPN to access only certain machines on that network. The firewall happens to NOT be one of these, and I need access to this database while connected via the VPN. So, what I need to do is set up an ssh tunnel through one of the machines that are accessible from the VPN. So what I am trying to do is set that tunnel up. But the OpenBSD machine is refusing the connection, as shown. So, here is a diagram of what I am trying to do:

External machine -> VPN -> our machine - SSH tunnel -> FW -> DB machine

This works already:

our machine -> FW - DB machine

Does that make it clearer?

On Mon, Oct 06, 2014 at 09:22:52PM -0300, Giancarlo Razzolini wrote:
> On 06-10-2014 20:59, stan wrote:
> > I have a pf configuration which correctly forwards external connections to
> > port 5432 on a machine on the inside. I am trying to set up a machine on the
> > outside to use ssh port forwarding to send packets to port 5432 on the
> > machine running pf (firewall). Here is my ssh command line:
> >
> > ssh -v -v -v -g -f -L 6030:phfw1:5432 stan@phfw1 -N
> >
> > I keep getting errors in auth.log about failure to connect on that port.
> >
> > Any idea what I am doing wrong?
> >
> >
> >
> Very confusing. But if I understood correctly, you are trying to make a
> tcp port on a machine behind your firewall, available to others, in your
> internal lan, to others, right? Well, for starters, I wouldn't use dns
> names on the port forwarding part. It's prone to errors, not to mention
> the fact that you'll get confused whether the name is resolved locally or
> remote. But it's remote, IIRC. In your case, you need to add your ip
> address to the forwarding. In your case, it would become:
>
> -L <LOCAL IP>:6030:<REMOTE SIDE IP>:5432
>
> If it's not this that you want, please clarify.
>
> Cheers,
>
> [demime 1.01d removed an attachment of type application/pkcs7-signature which
> had a name of smime.p7s]
>
-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?