Hi,
I'm trying to set up a tunnel through a NAT firewall. Here are the
details:
A : external host
B-ext : external address of host B
B-int : internal address of host B
C : another internal host
F : NAT Firewall (Firewall-1)
I'm trying to set up a 2 hop tunnel that will basically go from A -> B
-> C.
Config on A:
LocalForward 1234:B-ext:1234
Config on B:
LocalForward 1234:C:1234
From A I ssh to B-ext which sets up the port forwarding from A to B, and
then from a shell on B I ssh to C which is supposed to set up the port
forwarding from B-int to C.
A (Local port forwarding 1234:B-ext:1234)
|
| ssh
|
v
B-ext .-.-> F (NAT)
            |
            .
            |
     ssh    v
C <----- B-int
Now the problem occurs when I have all of the forwarding set up and then
try to connect to localhost:1234 on host A. The packet trace below shows
that the B-int is trying to connect back to B-ext to forward the traffic
from A to C.
A -> B-int TCP D=22 S=1218 Ack=1514911042 Seq=187863986 Len=0 Win=7664
B-int -> A TCP D=1218 S=22 Ack=187863986 Seq=1514911042 Len=64 Win=8760
A -> B-int TCP D=22 S=1218 Ack=1514911106 Seq=187863986 Len=0 Win=7600
A -> B-int TCP D=22 S=1218 Ack=1514911106 Seq=187863986 Len=96 Win=7600
B-int-> B-ext TCP D=1234 S=32903 Syn Seq=1524942192 Len=0 Win=8760 Options=<mss 1460>
B-int -> A TCP D=1218 S=22 Ack=187864082 Seq=1514911106 Len=0 Win=8760
A -> B-int TCP D=22 S=1218 Ack=1514911106 Seq=187863986 Len=96 Win=7600
B-int -> A TCP D=1218 S=22 Ack=187864082 Seq=1514911106 Len=0 Win=8760
B-int-> B-ext TCP D=1234 S=32903 Syn Seq=1524942192 Len=0 Win=8760 Options=<mss 1460>
B-int-> B-ext TCP D=1234 S=32903 Syn Seq=1524942192 Len=0 Win=8760 Options=<mss 1460>
B-int -> A TCP D=1061 S=22 Ack=181625939 Seq=726641753 Len=64 Win=8760
Has anyone done this before? What am I doing wrong?
--
Matthew Flanagan +61 2 9460 7185 direct
[EMAIL PROTECTED] +61 2 9420 3620 switch
EnStor - Enterprise Storage Solutions +61 2 9420 3670 fax
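
Added example, not part of the original post: the trace above shows B-int opening a connection to B-ext:1234, because the target of a LocalForward is connected to from the far end of the SSH session (here B), not from A. A two-hop layout that avoids that path back through F, written in the post's own option syntax and assuming B's forward listens on B's loopback address (the usual default):

```sshconfig
# --- Config on A (client side of the A -> B-ext session) ---
# As posted: the SSH server on B connects to B-ext:1234, i.e. B-int -> B-ext
# through F, which is the repeated unanswered SYN in the trace.
#LocalForward 1234:B-ext:1234
# Changed: "localhost" is resolved on B, so the first hop ends on B's own
# port 1234, where the second hop's listener is waiting.
LocalForward 1234:localhost:1234

# --- Config on B (client side of the B-int -> C session) ---
# Unchanged from the post: the SSH server on C connects to C:1234.
LocalForward 1234:C:1234

# OpenSSH's ssh_config writes the same option with a space after the port:
#   LocalForward 1234 localhost:1234
```

With loopback-only listeners on A and B, port 1234 is reachable only from those hosts themselves, and the only traffic crossing F remains the SSH session.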