PuTTY local proxy command, reverse tunnel broken

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


I don't think this is expected behaviour - at least it doesn't seem to me t
o be very useful.  I'm using PuTTY v0.64 on Win7 32-bit.

I've setup a proxy command to connect to a remote server.  When I setup a r
everse tunnel, I would expect that a connection to the remote tunnel port w
ould come back through the tunnel to the local side and then connect to a l
ocal endpoint.  It doesn't, and instead runs a second proxy command for the
 reverse tunnel.

For example from my work (inside a firewall) I want to allow a home compute
r to access a nominated webserver on my work network.  I can use the "local
 proxy command" option in PuTTY and define a plink command to connect to my
 home (Linux) computer (via several ssh hops) like so:

 plink.exe -batch -A user1@server1 exec ssh -T user2@server2 exec nc %host  

Then I configure a reverse tunnel of the form R8080:www.work.example.com:80
.  After using the saved session to connect to my home computer CLI, I shou
ld be able to run "wget http://localhost:8080/" to connect to the web serve
r at work (via the reverse tunnel).

But instead (according to the log) PuTTY runs a new instance of the proxy c
ommand and apparently tries to connect back out through the second proxy se
ssion.  Needless to say, the work server is not visible to the proxy I'm us
ing, and the connection fails to resolve the DNS name.

I discovered that I can work around this by adding "www.work.example.com" i
nto the "Exclude Hosts/IPs" parameter on the proxy page.  But it seems to m
e that pretty much all connections associated with a session that was not u
sed for connecting to the remote ssh server, would only be useful if they w
ere local.  Because a local proxy command necessarily connects to an ssh en
dpoint, running the proxy command for a reverse tunnel would only ever be u
seful for a second ssh server on the same remote network, which is hardly a
 common use-case for remote tunnels - I can probably connect from the first
 remote server directly to the second, or create a new session for the seco
nd ssh server.

Perhaps the problem is that I can't see a use-case for proxying a reverse t
unnel via the proxy.  Can someone explain how this would ever be useful?

Interestingly, this setup to works as I'd expect, using cygwin openssh inst
ead of PuTTY/plink.  It seems OpenSSH handles proxycommand differently from

Site Timeline