ssh -R limitations?
Alfonso Fiore
afiore at secure-edge.com
Tue Apr 16 01:57:47 EST 2002
Hi there!
I've a couple of questions on the -R feature:
Here is my situation:
PC_A has a private IP, ssh client and has a service I want to see from the
internet.
PC_B is a Linux firewall (public IP) where there is an open port that
forwards all traffic to PC_C (ssh server on port 22) which is in PC_B's LAN.
I want to create a tunnel from PC_A to PC_C to access a service on PC_A from
PC_C, so I want to use ssh -R.
I made some successful tries using ssh -R connecting directly to a public IP
machine, but from my tests it seems that a -R tunnel will accept only
connections from the very same machine where the port is listening
(localhost). Am I right? Is there a way to change this behaviour?
When I try to cross the PC_B firewall, I always get some weird error.
PC_B (which has two LAN cards) is set up to forward everything that comes to
port xxyy to PC_C on port 22.
From PC_A I write:
ssh -p xxyy -R aabb:localhost:aabb PC_B
I made many experiments, and I can see that PC_A correctly connects to PC_C
and opens the aabb LISTEN port.
When I try to connect from PC_C on localhost:aabb I receive an error.
Here is my guess: from the PC_A command line, ssh understands that the aabb
port is listening on PC_B; could it be that ssh refuses the connection from
PC_C even if it comes from localhost?
If this is not the case, is there anybody with similar experience that has
any suggestion?
Note: both ssh are the Cygwin Windows implementation.
Thank you for your help.
With best regards,
Alfonso Fiore
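
An added example, not part of the original post: a check of which address a -R listener is bound to on the server side, since that binding decides whether only localhost can reach it (sshd binds remote forwards to loopback unless GatewayPorts is enabled in sshd_config). The netstat lines and the ports 8022 and 9000 are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `netstat -an` output (Linux and Windows layouts mixed).
SAMPLE = """\
tcp        0      0 127.0.0.1:8022          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:8022                :::*                    LISTEN
tcp        0      0 192.168.1.5:22          10.0.0.7:51234          ESTABLISHED
  TCP    0.0.0.0:9000           0.0.0.0:0              LISTENING
  TCP    [::]:9000              [::]:0                 LISTENING
"""

# proto, optional Recv-Q/Send-Q columns, local endpoint, remote endpoint, state
LISTEN_RE = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?(\S+)\s+\S+\s+LISTEN(?:ING)?\s*$", re.I
)


def split_endpoint(endpoint):
    """Split 'addr:port'; handles ':::22', '::1:22', '[::]:22' and '*:22'."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]")
    if addr == "*":              # some netstat variants print the wildcard as '*'
        addr = "0.0.0.0"
    return ipaddress.ip_address(addr), int(port)


def listeners(netstat_text, port):
    """Return every address on which `port` is in the LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if match:
            addr, local_port = split_endpoint(match.group(1))
            if local_port == port:
                found.append(addr)
    return found


def exposure(netstat_text, port):
    """Classify a port as 'absent', 'loopback-only' or 'exposed'."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "absent"
    return "loopback-only" if all(a.is_loopback for a in addrs) else "exposed"
```

Feeding it the real `netstat -an` output from the machine running sshd shows whether a forwarded port is reachable only from that host or from the network as well.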
More information about the openssh-unix-dev
mailing list