Wide-open local port forwarding

I tried to set up an ssh tunnel open for all users, not only local:
$ ssh myserver
myserver$ ssh -g -L 60022:localhost:22 localhost

then it works for local users:
myserver$ ssh -p 60022 localhost
Enter password....

but not for any outside user (doing from home 'ssh -p 60022 myserver'
doesn't work)

What's wrong? (note the -g flag IS present)...



Re: Wide-open local port forwarding

I have vague memories of a problem like this where putting the
external IP instead of localhost did the trick - but I can't remember
if it was the same problem that I was trying to solve.

It looks like you're trying to make SSH available on port 60022 as
well as 22.  If this is the case, then you'll be better off with a
firewall rule along these lines:

iptables -t nat -A PREROUTING -p tcp --dport 60022 -j REDIRECT --to-ports 22

If you're trying to forward any old port, try running the ssh process
with the -v option and see if it sees the incoming connection to port
60022.  If not then there may be a firewall blocking things somewhere.

If that doesn't work, post the output of the ssh process which is
forwarding the ports and the ssh process (use -v again) which is
trying to connect, then it'll be easier for us to work out what's
going on.

Hope that helps!

