[ale] port forwarding with SSH

Cory T. Echols ctechols at mindspring.com
Fri Sep 27 09:35:34 EDT 2002


On 09/27, John Wells wrote:
> I take apache down, run the command (as root) "ssh -L
> 80:dest.at.kennesaw.edu:1755 mymachine".

Using ssh to forward local ports like this means that port 80 is only
open on the local interface (the one with address 127.0.0.1).  You won't
be able to connect to port 80 of "mymachine" from any other machine.

> After doing this, I can telnet to port 80 when I'm logged into mymachine
> and see that the port is being forwarded correctly.  However, when I try
> to do the same from work, I get "connection refused".  nmap says the port
> is closed (although I have it open and forwarded on my
> firewall...remember, apache works on this port when I have it running).

This is because telnet and nmap are connecting to a different
network interface when you try them from work.

This is stuff that I only recently learned for myself, so I'm talking
slightly above my head here.  "netstat -tap" will show you all the ports
you have open on the local machine and what interfaces they're listening
on.

I think you may need to use the kernel's port forwarding mechanism for
what you're trying to accomplish.  There is a firewall script called
gShield that I use which might be able to configure kernel-level port
forwarding the way you want it to operate.

If you really need a user-space solution, stunnel might be able to do
what you want.  My experimentation and reading of ssh docs leads me to
believe that ssh is not the tool for the job.

-- 
Cory T. Echols
ctechols at mindspring.com
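
Added example, not part of the original message: one way to read the bind address out of the netstat listing mentioned above and tell a loopback-only listener (like the forwarded port 80) from one that other hosts can reach. The function names `classify_listeners` and `port_scope` are hypothetical, the sample listing is constructed, and it assumes numeric output (`netstat -tanp`, i.e. with `-n` added).

```shell
#!/bin/sh
# Constructed sample of `netstat -tanp` output (not captured from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 127.0.0.1:80      0.0.0.0:*         LISTEN      2211/ssh
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN      801/sshd
tcp        0      0 192.168.1.10:22   10.0.0.5:51234    ESTABLISHED 2190/sshd
tcp        0      0 192.168.1.10:3306 0.0.0.0:*         LISTEN      950/mysqld
tcp6       0      0 ::1:631           :::*              LISTEN      640/cupsd
tcp6       0      0 :::8080           :::*              LISTEN      1302/java'

# Print "port address scope" for every listening TCP socket read from stdin.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4
        sub(/^.*:/, "", port)                   # keep text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"             # only local clients can connect
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"            # reachable from other hosts
        else
            scope = "single-interface"          # reachable via that address only
        print port, addr, scope
    }'
}

# Print the scope of whatever is listening on the given port (hypothetical helper).
port_scope() {
    classify_listeners | awk -v p="$1" '$1 == p { print $3 }'
}

# Demo on the constructed sample; on a live host: netstat -tanp | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```

A port reported as loopback-only answers on the machine itself and refuses connections arriving on any other interface, which matches the "connection refused" seen from work.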
