[ale] port forwarding with SSH

Ryan Matteson matty91 at bellsouth.net
Fri Sep 27 09:46:07 EDT 2002


On Fri, 2002-09-27 at 09:05, John Wells wrote:
> As I've mentioned before, I have a need to forward all packets from a
> machine on my company's network to an external machine on a Kennesaw
> server. I'm attempting to use a machine on my home network as the proxy.
> 
> The way I'm testing it is this:
> 
> My home machine listens (allows packets through the firewall) on port 80. 
> I can nmap -p 80 mymachine when apache is running and see the port is
> open.
> 
> I take apache down, run the command (as root) "ssh -L
> 80:dest.at.kennesaw.edu:1755 mymachine".

I think you need to tell ssh to accept connections from remote hosts. I
think there is an option for this. I need to log in to my SSH port
forwarders to grab the option. I don't have an ssh man page handy :(
> 
> After doing this, I can telnet to port 80 when I'm logged into mymachine
> and see that the port is being forwarded correctly.  However, when I try
> to do the same from work, I get "connection refused".  nmap says the port
> is closed (although I have it open and forwarded on my
> firewall...remember, apache works on this port when I have it running).
> 
> Running tcpdump to see what's going on, my attempt at connecting from the
> external (at work) machine looks like this:
> 
> mycompanymachine -> myhomemachine [SYN]
> myhomemachine -> mycompanymachine [RST, ACK]

This usually means that the operating system received a SYN (synchronize
connection) on a port that nothing is listening on. The operating system
is nice enough to send you a RST to reset the connection.

> 
> Anyone have an idea what might be causing this?  It would seem that since
> the port's already configured to be open for apache, it should still allow
> traffic through. Modifying /etc/hosts.allow seems to have no effect.
> 
> Thanks for the help!
> 
> John
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
-- 
Ryan Matteson - UNIX Administrator
GPG ID: 782C2F4B Ryan Matteson (Matty) <matty91 at bellsouth.net>
Digitally Signed Public Key: http://www.daemons.net/~matty/public.txt
Fingerprint = C8D2 E7E8 815C 7AF6 59C4  C621 B829 A3D9 782C 2F4B
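
Added example, not part of the original message: by default `ssh -L` binds the forwarded port to the loopback address only, which is why the local telnet works while the SYN from work is answered with RST; the option the reply refers to is `-g` (server-side equivalent for remote forwards: `GatewayPorts`). The function name `listener_scope` and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies who can reach a TCP listener, judged only by the
# address it is bound to (firewall rules are a separate question).
# Usage on a live host: ss -ltn | listener_scope 80
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # text after the last ":" is the port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # Anything not bound to 127.0.0.0/8 or ::1 accepts remote peers.
            if (addr !~ /^127\./ && addr != "[::1]") remote = 1
        }
        END {
            if (!found)      print "closed"            # kernel answers SYN with RST
            else if (remote) print "remote-reachable"
            else             print "loopback-only"     # remote SYN still gets RST
        }'
}

# Constructed output for: ssh -L 80:dest.at.kennesaw.edu:1755 mymachine
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    [::1]:80           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed output for the same forward started with -g
SAMPLE_G='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf 'default forward: %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | listener_scope 80)"
printf 'with -g:         %s\n' "$(printf '%s\n' "$SAMPLE_G" | listener_scope 80)"
```

With `-g` the forwarded port accepts connections from any host that can reach it, so the firewall rule in front of it is the only remaining access control.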
