I am using ssh -R 16400:localhost:6400 FIRE
But when it creates the tunnel, a netstat on FIRE says that FIRE is listening
on localhost:16400. This presents a problem when APP wants to connect.
It only does this on a machine with 2 Network cards. If I use a machine with
1 NIC the FIRE machine is listening on FIRE:16400.
I can't find anything in the ssh/sshd to tell it different (I could be wrong,
it's happened before)
regards
Grant Street
Four J's Asia Pacific
http://www.4js.com.au
Ph: +61 2 8912 4170
Fax: +61 2 8912 4179
Disclaimer: http://www.4js.com.au/Std/eDisclaim.html
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> David Zverina
> Sent: Friday, 12 January 2001 14:43
> To: Grant Street; [EMAIL PROTECTED]
> Subject: RE: [SLUG] Port redirecting
>
>
> OK haven't actually tried this but quick scan of ssh manual seems to
> indicate a way to do it.
> Assuming FIRE and PC machines are Linux and APP is whatever it should be as
> easy as running on the PC machine:
>
> ssh FIRE -L 6400:APP:6400
>
> Once this connection is established, connecting to port 6400 on the local
> PC would be actually connecting to APP:6400 over encrypted tunnel.
>
> man ssh for more info. Especially the -L (or maybe -R) switches.
>
> Hope this helps,
>
> Dave.
>
> --
> David Zverina
> Alt Key Pty. Ltd.
> http://www.altkey.com
> PO Box 3121, Parramatta, 2124, Australia
>
> > -----Original Message-----
> > From: Grant Street [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, 12 January 2001 14:28
> > To: 'David Zverina'; [EMAIL PROTECTED]
> > Subject: RE: [SLUG] Port redirecting
> >
> >
> >
> > we sell a product that is developed in FRANCE so we do not have access to
> > source.
> >
> > Essentially it has a "display layer" (true 3 tier) process that runs on the
> > PC.
> > It listens to PORT 6400 for display type commands. These commands are clear
> > text.
> > So eg "Display "Bloggs Fred" to name field" type commands (not actual syntax)
> > are snoopable.
> >
> > Customers would like to run the app over the internet but would like
> > encryption. We are using ssh's facilities to do this so that only a client
> > ssh is needed on the PC.
> >
> > the big picture is
> >
> > ----------                               ----------
> > |        |              ssh              |        |
> > |   PC   |6400 -----------localhost:16400|  FIRE  |
> > |        |                               |        |
> > ----------                               ----------
> >                                              |IP:6400
> >                                              |
> >                                              |
> >                                          ----------
> >                                          |        |
> >                                          |  APP   |
> >                                          |        |
> >                                          ----------
> >
> > The application running on APP needs to communicate
> > to the PC on port 6400 eventually.
> >
> > Grant Street
> >
> >
> > > -----Original Message-----
> > > From: David Zverina [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, 12 January 2001 13:59
> > > To: Grant Street; [EMAIL PROTECTED]
> > > Subject: RE: [SLUG] Port redirecting
> > >
> > >
> > > % insmod /lib/modules/2.2.5-15/ipv4/ip_masq_portfw.o
> > > % /usr/sbin/ipmasqadm portfw -a -P tcp -L FIRE_IP_ADDRESS 16400 -R FIRE_IP_ADDRESS 6400
> > >
> > > -L means local address
> > > -R means remote address
> > >
> > > remote address does not have to be on the firewall PC and could be another
> > > PC behind the firewall if required. However I am a bit puzzled by the need
> > > for that kind of configuration. Maybe if you post more info about your
> > > motivation, a better solution might appear.
> > >
> > > Cheers,
> > >
> > > Dave.
> > >
> > > --
> > > David Zverina
> > > Alt Key Pty. Ltd.
> > > http://www.altkey.com
> > > PO Box 3121, Parramatta, 2124, Australia
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> > > Sent: Friday, 12 January 2001 13:15
> > > To: [EMAIL PROTECTED]
> > > Subject: [SLUG] Port redirecting
> > >
> > >
> > > Hello all
> > >
> > > I have the following configuration
> > >
> > > ----------                               ----------
> > > |        |              ssh              |        |
> > > |   PC   |6400 -----------localhost:16400|  FIRE  |IP:6400
> > > |        |                               |        |
> > > ----------                               ----------
> > >
> > > I am initiating a ssh connection from the PC and the
> > > firewall. The firewall has 2 network cards so the
> > > sshd is listening on localhost:16400. I want it to
> > > listen on IP:16400 or IP:6400.
> > >
> > > What is the best/easiest/general way of doing this
> > > I'm trying to work out IP chains but I am getting lost...
> > >
> > > Your speedy response is appreciated :-)
> > >
> > > Searching is bringing up seemingly irrelevant stuff
> > >
> > >
> > > Grant Street
> > >
> > >
> > >
> > > --
> > > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> > > More Info: http://slug.org.au/lists/listinfo/slug
> > >
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
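Added example, not part of the original thread: a small shell function that reads `netstat -ltn` (or `ss -ltn`) output on FIRE and reports whether the forwarded port is bound to loopback only or is reachable from other hosts, which is the difference the thread describes between localhost:16400 and FIRE:16400. In OpenSSH the bind address of a `-R` forward is governed by the server-side `GatewayPorts` option in sshd_config; the function name, the sample lines and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Usage on the gateway:  netstat -ltn | listener_scope 16400
# Prints one word:
#   loopback - only 127.x / ::1 listeners, other hosts (APP) cannot connect
#   exposed  - bound to a wildcard or interface address, reachable by
#              anything that can route to that interface
#   none     - nothing is listening on that port
listener_scope() {
    awk -v port="$1" '
        /LISTEN/ {
            # The local address is the first field that ends in ":PORT".
            for (i = 1; i <= NF; i++) {
                n = split($i, parts, ":")
                if (n < 2 || parts[n] != port) continue
                addr = substr($i, 1, length($i) - length(port) - 1)
                gsub(/^\[|\]$/, "", addr)        # ss prints IPv6 as [::1]
                if (addr ~ /^127\./ || addr == "::1" || addr == "localhost")
                    loopback++
                else
                    exposed++
                break
            }
        }
        END {
            if (exposed)       print "exposed"
            else if (loopback) print "loopback"
            else               print "none"
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_LOOPBACK='tcp 0 0 127.0.0.1:16400 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'
SAMPLE_EXPOSED='tcp 0 0 192.0.2.10:16400 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

printf 'loopback-bound forward: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 16400)"
printf 'interface-bound forward: %s\n' \
    "$(printf '%s\n' "$SAMPLE_EXPOSED" | listener_scope 16400)"
```

A result of "exposed" means the tunnel endpoint accepts connections from every host that can reach that address, so the firewall rules on FIRE should limit port 16400 to APP.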