[ale] port forwarding with SSH

John Wells jb at sourceillustrated.com
Fri Sep 27 09:52:13 EDT 2002 

Cory,

See Stephan's email on how to accomplish this with "-g".  Worked for me!

Thanks,

John

Cory T. Echols said:
> On 09/27, John Wells wrote:
>> I take apache down, run the command (as root) "ssh -L
>> 80:dest.at.kennesaw.edu:1755 mymachine".
>
> Using ssh to forward local ports like this means that port 80 is only
> open on the local interface (the one with address 127.0.0.1).  You won't
> be able to connect to port 80 of "mymachine" from any other machine.
>
>> After doing this, I can telnet to port 80 when I'm logged into
>> mymachine and see that the port is being forwarded correctly.
>> However, when I try to do the same from work, I get "connection
>> refused".  nmap says the port is closed (although I have it open and
>> forwarded on my
>> firewall...remember, apache works on this port when I have it
>> running).
>
> This is because that telnet and nmap are connecting to a different
> network interface when you try them from work.
>
> This is stuff that I only recently learned for myself, so I'm talking
> slightly above my head here.  "netstat -tap" will show you all the ports
> you have open on the local machine and what interfaces they're listening
> on.
>
> I think you may need to use the kernel's port forwarding mechanism for
> what you're trying to accomplish.  There is a firewall script called
> gShield that I use which might be able to configure kernel-level port
> forwarding the way you want it to operate.
>
> If you really need a user-space solution, stunnel might be able to do
> what you want.  My experimentation and reading of ssh docs leads me to
> believe that ssh is not the tool for the job.
>
> --
> Cory T. Echols
> ctechols at mindspring.com
>
> ---
> This message has been sent through the ALE general discussion list. See
> http://www.ale.org/mailing-lists.shtml for more info. Problems should be
>  sent to listmaster at ale dot org.




---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list