-R makes the server listen to the specified port.
-g only applies to the client machine.
Use the option 'gatewayports yes' in sshd_config if
you want to have sshd listen on all interfaces.
-markus
On Tue, Nov 21, 2000 at 07:09:35PM -0600, Michael R. Jinks wrote:
> I almost have this working now; my problem was that I was trying to use
> the OpenSSH package that came with Red Hat 7, which apparently has the
> -R option silently disabled. Grrr. Compiled from source, it works.
>
> BUT, I find that the forwarded port only allows connections if (a) they
> are requested from the machine where sshd is running and (b) the machine
> is addressed as "localhost" or "127.0.0.1".
>
> For example, first I do this, as root:
>
> ssh -g -R 2200:localhost:22 titan.localdomain
>
> Session starts up normally.
>
> Then, on titan:
>
> ssh -p 2200 127.0.0.1
>
> -or-
>
> ssh -p 2200 localhost
>
> works fine, I get a login prompt; but
>
> ssh -p 2200 192.168.10.12 [which is titan's IP address]
>
> -or-
>
> ssh -p 2200 titan.localdomain
>
> ...fails, "connection refused", even though all four commands are being
> issued from the same machine and all address the same target. I see the
> same behavior regardless of the port I'm trying to forward; web traffic
> works the same way.
>
> I notice that if I use the -v option in the ssh session which
> establishes the tunnel, I get debugging output as soon as the other
> client tries to connect using one of the "localhost" addresses, but no
> debugging output ever comes through if I use the other addresses; it's
> as if the session request never reaches ssh in the first place.
>
> Does this mean that ssh is only forwarding a Unix domain socket and not
> a TCP/IP port? Or does it try to deliberately disallow connections from
> off-host even with the -g option? Or might I be up against more Red Hat
> weirdness? Is there any way around this?
>
> Thanks,
> -m
>
>
> Michael R. Jinks wrote:
>
> > Okay -- I'll distill my question then.
> >
> > Does the "-R" option actually do anything under OpenSSH? Note that I am
> > accompanying it with the -g option.
> >
> > We're using version 2.1.1p4-1, installed from RPM on a Red Hat 7 machine
> > at the client side; on the server side we're running Red Hat 6.2 with
> > OpenSSH 2.2.0p1.
> >
> > I don't get any errors; at least nothing that I recognize as such; I
> > just don't get the behavior I expect, and my users are starting to get
> > antsy for outside access.
> >
> > Thanks for any help,
> > -m
> >
> >
> > Rolen, Mark E. wrote:
> >
> >> Ah, given the -R, then your ports were right :) I was assuming you were
> >> running the command on the outside host, since you used -L
> >>
> >> nevermind :)
> >>
> >> -----Original Message-----
> >> From: Michael R. Jinks
> >> Sent: Monday, November 20, 2000 2:15 PM
> >> To: ssh
> >> Subject: port forwarding, remote to local
> >>
> >>
> >> This is a followup to my (rather idiotic) post from earlier today in
> >> which I was trying to forward an ssh port from a remote machine using
> >> the "-L" option. Oops.
> >>
> >> But I'm still having trouble.
> >>
> >> Background: our temporary internet connection won't allow incoming
> >> connections of any kind, but we do have a host on the Internet which
> >> has a real IP and an sshd process running. I want to initiate an ssh
> >> connection from our internal net to the outside host, such that a port
> >> on the outside host is forwarded to the sshd process on one of our
> >> internal machines.
> >>
> >> Now the command line I'm using is this (as root):
> >>
> >> ssh -v -g -R 2000:localhost:22 $REMOTEHOST
> >>
> >> The command appears to complete successfully, and I end up with a
> >> login shell on the remote box. But in the debugging output there is
> >> no mention of port forwarding, successful or otherwise, other than X
> >> forwarding, and any attempt to connect to port 2000 on the remote box
> >> comes back "connection refused".
> >>
> >> What might I be doing wrong?
> >>
> >> Thanks,
> >> -m
>
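
An added example, not part of the original messages: a check run on the sshd host that reports which addresses the forwarded port (2200 in the thread) is bound to, which is what decides whether `ssh -p 2200 192.168.10.12` is refused. The function name `bind_scope` and both sample listings are constructed, and the input is assumed to be in the format printed by `ss -ltn`.

```shell
#!/bin/sh
# Added example: classify where a forwarded port is bound, from `ss -ltn` output.
# bind_scope and the two sample listings are constructed for illustration.

bind_scope() {
    # $1 = TCP port; stdin = output of `ss -ltn`
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the text after the last colon
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]")            loop = 1
            else                                                    other = 1
        }
        END {
            if (wild)       print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Constructed listing: -R 2200 forward on an sshd without 'gatewayports yes'.
sample_default() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:2200     0.0.0.0:*
LISTEN 0      128    [::1]:2200         [::]:*
EOF
}

# Constructed listing: the same forward after 'gatewayports yes' in sshd_config.
sample_gatewayports() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:2200       0.0.0.0:*
LISTEN 0      128    [::]:2200          [::]:*
EOF
}

echo "without gatewayports: $(sample_default | bind_scope 2200)"
echo "gatewayports yes:     $(sample_gatewayports | bind_scope 2200)"
# On a live host: ss -ltn | bind_scope 2200
```

A result of `all-interfaces` means the forwarded port accepts connections from any host that can reach the server, so it needs the same firewall treatment as any other listening service.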