Loris Serena wrote:
> Guys,
>
> I managed to get the following working:
>
> ----------------------------------------------------------------------------------------------------
>
> A firewall between SERVER and CLIENT only allows TCP port 22 from
> SERVER to CLIENT (but not vice versa!)
>
> SERVER -------22------> CLIENT
>
> What I would like to achieve via ssh tunnelling is to send TCP port
> 1984 traffic from CLIENT to SERVER:
>
> SERVER <-----1984------ CLIENT
> ------------------------------------------------------------------------------------------------------
>
>
> by running (on SERVER):
> $ ssh -f -N -R 1984:SERVER:1984 CLIENT
>
>
> Now I'd like to add the next (and last) bit of the configuration to the
> picture:
>
> There is another firewall between CLIENT and GOOFY, again only allowing
> TCP port 22 from CLIENT to GOOFY (and NOT vice versa!):
>
> SERVER -------22------> CLIENT -------22-------> GOOFY
>
> What I would like to achieve via ssh tunnelling is to send TCP port
> 1984 traffic from GOOFY to SERVER (through CLIENT):
>
> SERVER <-----1984----- CLIENT
> SERVER <----------------(CLIENT)----------1984------ GOOFY
>
> Please note that:
> a. the remote forwarding of 1984 from CLIENT to SERVER is already working;
> b. there is no native process on CLIENT listening on port 1984.
>
> I ran `ssh -f -N -R 1984:127.0.0.1:1984 GOOFY` on CLIENT,
>
> but testing that with telnet from GOOFY, it failed as follows:
>
> [GOOFY]$ telnet localhost 1984
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
>
> So, how do I do that?
> Any security issues I should be aware of?
>
>
> Thanks in advance
>
> Ciccio
>

I've already had this problem when using PuTTY and on some Linux ssh
clients. The first tunnel works, but the tunnel inside the tunnel
doesn't. I solved it by ensuring that the tunnel is an IPv4 one. So,
instead of the -R, -L or -D switches, you put the -4R, -4L and -4D
switches. This way you ensure that the tunnel will work.

The problem I had was that ssh tries to auto-detect the IP version, and
had problems detecting the IP version when creating the tunnel inside
another.

My regards,

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
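
A check for the symptom discussed in this thread, as an added example that is not part of either message: it probes the forwarded port on 127.0.0.1 and ::1 separately, so a listener that exists on only one address family shows up directly. The function names are this example's own, and it is meant to be run on the host where the `-R` listener should appear (GOOFY in the thread).

```python
import socket

# Loopback literal per address family. Probing literals instead of the name
# "localhost" avoids depending on how the resolver maps that name.
LOOPBACKS = {
    "ipv4": (socket.AF_INET, "127.0.0.1"),
    "ipv6": (socket.AF_INET6, "::1"),
}


def probe(family, addr, port, timeout=2.0):
    """Return 'open', 'refused' or 'unavailable' for one loopback address."""
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
    except OSError:
        return "unavailable"  # address family not supported on this host
    with sock:
        sock.settimeout(timeout)
        try:
            sock.connect((addr, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "unavailable"  # e.g. ::1 not configured, or a timeout


def check_forward(port):
    """Probe the forwarded port on both loopback addresses."""
    return {name: probe(fam, addr, port) for name, (fam, addr) in LOOPBACKS.items()}


def diagnose(result):
    """Turn a check_forward() result into a one-line finding."""
    v4, v6 = result["ipv4"], result["ipv6"]
    if v4 == "open" and v6 == "open":
        return "listener reachable on both 127.0.0.1 and ::1"
    if v4 == "open":
        return "listener bound on 127.0.0.1 only"
    if v6 == "open":
        return "listener bound on ::1 only: a client using 127.0.0.1 is refused"
    return "no listener reachable on either loopback address"


if __name__ == "__main__":
    result = check_forward(1984)  # port number taken from the thread
    print(result, "->", diagnose(result))
```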
