Need help installing SSH tunnel

Hi all!

Unfortunately, I've spent nearly a week of testing without any success.
I've read a lot of web sites related to SSH tunneling, but nothing really
Here is the problem:

First of all, let me say that an SSH connection to the remote machine is
fully functional, which means the SSH server is up.
Second, I can do a telnet from the remote machine to the mail daemon on the
same machine, which means the mail daemon is up also.
Third, when I try to build an SSH tunnel, everything looks fine until I try
to telnet from the local machine over the SSH tunnel to the remote mail
The command I used installing the tunnel is:

ssh -v -L 25110:localhost:110 -L 25025:localhost:25 -4

This means I want to have a tunnel for SMTP and POP3. The ports on the local
machine are 25110 and 25025 which is OK. The command succeeds. I have a
shell on the remote machine and the debug mode says that the tunnel has
been successfully installed:

debug1: Connections to local port 25025 forwarded to remote address

But when I try to connect I get a "Connection refused" error:

Local machine:

Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

Remote machine (the tunnel connection):

channel 3: open failed: connect failed: Connection refused
debug1: channel_free: channel 3: direct-tcpip: listening port 25025 for
localhost port 25, connect from port 1220, nchannels 4

What am I doing wrong? Do I need to configure something special?
Let me say that I've already added 'AllowTcpForwarding yes' and
'GatewayPorts yes' to /etc/ssh/sshd_config

Any help is highly welcome, since I really need this connection.

Thanx to all

Re: Need help installing SSH tunnel

Perhaps with the firewall; not with libwrap.  If it were libwrap, the
connection would be accepted, then immediately closed again; you would not
see "connection refused."

You're confusing interfaces and addresses.  Libwrap does not test which
interface a connection arrives on; it looks at the source address.
Suppose you have a host foo, with two interfaces:

   lo0 : (loopback)
  eth0 :

Assume name "foo" resolves to, and consider the TCP connections
created by the following:

  foo% telnet localhost ...

  foo% telnet foo ...

Both connections flow over the loopback interface, but the source address
of the first will be, while that of the second will be (following the usual rules for selecting source addresses when
the application does not specify them).

You would have gotten accepted but then closed connections, a slightly
different symptom from what the OP is seeing.

  Richard Silverman
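
Added example, not part of the thread: a small Python probe that tells apart the two symptoms contrasted in the reply above, a refused connection versus one that is accepted and then closed at once. The stand-in servers, the ephemeral ports and the `mail.example` banner are constructed for the demonstration.

```python
import socket
import threading

def probe(host, port, timeout=2.0):
    """Classify what a TCP client sees when it connects to host:port."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # RST to the SYN: no listener there, or a rejecting firewall
    except OSError:
        return "unreachable"    # timeout (silently dropped) or routing error
    with s:
        try:
            data = s.recv(256)
        except socket.timeout:
            return "open-silent"            # accepted, but the service sent nothing
        except ConnectionResetError:
            return "accepted-then-closed"
        # Empty read: the peer closed right after accept, the libwrap-style symptom.
        return "banner" if data else "accepted-then-closed"

def _serve(handler):
    """Constructed stand-in service on an ephemeral loopback port; returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def loop():
        while True:
            conn, _ = srv.accept()
            handler(conn)
            conn.close()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Run the probe against three constructed cases and return the classifications."""
    answering = _serve(lambda c: c.sendall(b"220 mail.example ESMTP\r\n"))  # constructed banner
    denied = _serve(lambda c: None)         # accept, then close without sending a byte
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    unused = tmp.getsockname()[1]
    tmp.close()                             # port is free again: nothing listens on it
    return {
        "answering": probe("127.0.0.1", answering),
        "denied": probe("127.0.0.1", denied),
        "unused": probe("127.0.0.1", unused),
    }

if __name__ == "__main__":
    print(demo())
```

Run the probe on the server itself against the address the tunnel's target names; through the tunnel the local client always sees an accept, because the ssh client's own listener takes the connection before the far end is tried.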

Re: Need help installing SSH tunnel

OK, thank you.  That works.

Yes, that's probably right.  So as you say it sounds like a firewall


Re: Need help installing SSH tunnel

Richard E. Silverman wrote:

I tried the first one which works fine. I've now also tested the other one
which also works.

Even configuring hosts.allow did not really work and I think that the
problem should be somewhere else since depending on the rules everything
should be accepted. The hosts.allow file is empty (except some comments)
and the only line in hosts.deny is

http-rman : ALL EXCEPT LOCAL

which means that, because restrictions apply only to the http-rman service,
all access to other services is granted.

I'll try to switch on some debug modes on the services and see what is
logged. Will send the results here...


