PHWinfo - Afficher un message - Reverse port forwarding: Connection refused

03/11/2006, 00h19

In article <1162509082.126677.80680@h54g2000cwb.googlegroups. com>
"hasenhei" <hasenhei@gmail.com> writes:
>Per Hedeland wrote:
>> In article <1162502329.093439.321250@h54g2000cwb.googlegroups .com>
>> "hasenhei" <hasenhei@gmail.com> writes:
>
>> >You should try to use the "-g"-option when connecting from 1.b to 1.a
>> >(via nat.a):
>> >ssh -p2222 -R3333:localhost:22 nat.a -g
>>
>> No, this doesn't , -g only affects "forward forwarding"
>
>I agree here,
>
> - the client
>> can't tell the server how to bind for a reverse forwarding, which makes
>> a whole lot of sense.
>
>but not here:
>
>from man ssh:
>-R [bind_address:]port:host:hostport

That isn't in the man page of the version I'm running (OpenSSH 4.2p1),
but I see it is in 4.4p1.

>[cut]
> By default, the listening socket on the server will be
>bound to the loopback interface only. This may be overriden by
>specifying a bind_address. An empty bind_address, or the address `*',
>indicates that the remote socket
> should listen on all interfaces. Specifying a remote
>bind_address will only succeed if the server's GatewayPorts option is
>enabled (see sshd_config(5)).

Hm, according to sshd_config(5) in OpenSSH 4.4p1, GatewayPorts has to be
not just "enabled", but set to ``clientspecified'' for this to work.
(I.e. it's still the case that the server decides, as it should be, just
that it may decide to let the client decide.:-) If set to ``yes'', sshd
should unconditionally bind to the wildcard address, and the OP's
problem wouldn't occur in the first place. Of course my 4.2p1
sshd_config(5) has only the yes/no settings - the OP didn't state what
version he was running.

--Per Hedeland
per@hedeland.org

03/11/2006, 00h19	#6
Per Hedeland Messages: n/a Hébergeur:	Re: Reverse port forwarding: Connection refused In article <1162509082.126677.80680@h54g2000cwb.googlegroups. com> "hasenhei" <hasenhei@gmail.com> writes: >Per Hedeland wrote: >> In article <1162502329.093439.321250@h54g2000cwb.googlegroups .com> >> "hasenhei" <hasenhei@gmail.com> writes: > >> >You should try to use the "-g"-option when connecting from 1.b to 1.a >> >(via nat.a): >> >ssh -p2222 -R3333:localhost:22 nat.a -g >> >> No, this doesn't , -g only affects "forward forwarding" > >I agree here, > > - the client >> can't tell the server how to bind for a reverse forwarding, which makes >> a whole lot of sense. > >but not here: > >from man ssh: >-R [bind_address:]port:host:hostport That isn't in the man page of the version I'm running (OpenSSH 4.2p1), but I see it is in 4.4p1. >[cut] > By default, the listening socket on the server will be >bound to the loopback interface only. This may be overriden by >specifying a bind_address. An empty bind_address, or the address `*', >indicates that the remote socket > should listen on all interfaces. Specifying a remote >bind_address will only succeed if the server's GatewayPorts option is >enabled (see sshd_config(5)). Hm, according to sshd_config(5) in OpenSSH 4.4p1, GatewayPorts has to be not just "enabled", but set to ``clientspecified'' for this to work. (I.e. it's still the case that the server decides, as it should be, just that it may decide to let the client decide.:-) If set to ``yes'', sshd should unconditionally bind to the wildcard address, and the OP's problem wouldn't occur in the first place. Of course my 4.2p1 sshd_config(5) has only the yes/no settings - the OP didn't state what version he was running. --Per Hedeland per@hedeland.org