ssh -R limitations?

Alfonso Fiore afiore at secure-edge.com
Tue Apr 16 01:57:47 EST 2002


Hi there! 

I've a couple of questions on the -R feature: 

Here is my situation: 

PC_A has a private IP, ssh client and has a service I want to see from the 
internet.
PC_B is a Linux firewall (public IP) where there is an open port that 
forwards all traffic to PC_C (ssh server on port 22) which is in PC_B's LAN. 

I want to create a tunnel from PC_A to PC_C to access a service on PC_A from 
PC_C, so I want to use ssh -R. 

I made some successful tries using ssh -R connecting directly to a public IP 
machine, but from my tests it seems that a -R tunnel will accept only 
connections from the very same machine where the port is listening 
(localhost). Am I right? Is there a way to change this behaviour? 

When I try to cross PC_B firewall, I always have some weird error.
PC_B (which has two lan cards) is set up to forward everything that comes to 
port xxyy to PC_C on port 22. 

From PC_A I write:
ssh -p xxyy -R aabb:localhost:aabb PC_B 

I made many experiments, and I can see that PC_A correctly connects on PC_C 
and opens aabb LISTEN port. 

When I try to connect from PC_C on localhost:aabb I receive an error. 

Here is my guess: from PC_A command line ssh understands that aabb port is 
listening on PC_B, could it be that ssh refuses connection from PC_C even if 
it comes from localhost? 

If this is not the case, is there anybody with similar experience that has 
any suggestion? 

Note: both ssh are Cygwin Windows implementations. 

Thank you for your help. 

With best regards, 

 Alfonso Fiore 
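
On the localhost-only question in the message above, an added example (not part of the original post and not OpenSSH code): sshd's GatewayPorts option decides where a -R listener binds, and the default keeps it on loopback. The sketch reads the global section of a constructed sshd_config and reports the bind address for a -R spec; the function names, the sample config and port 8080 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sshd_config fragment (sample input, not from the post).
SAMPLE_CONFIG='# constructed example
Port 22
gatewayports clientspecified
GatewayPorts yes
Match User tunnel
    GatewayPorts no'

# Print the global GatewayPorts value: sshd keeps the first value it reads
# for a keyword, keywords are case-insensitive, and the default is "no".
# Simplification: whitespace-separated "Keyword value" lines only, and
# Match blocks (per-connection overrides) are not evaluated.
effective_gateway_ports() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/                    { next }
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print $2; found = 1; exit }
        END { if (!found) print "no" }'
}

# Print where sshd binds the listener for a -R spec of the form
# [bind_address:]port:host:hostport (IPv6 literals are not handled).
remote_forward_bind() {
    gp_mode=$1
    spec=$2
    case $gp_mode in
        no)  echo loopback; return ;;   # bind_address from the client is ignored
        yes) echo wildcard; return ;;   # always all interfaces
    esac
    # clientspecified: the client's bind_address decides
    nf=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    if [ "$nf" -lt 4 ]; then
        echo loopback                   # no bind_address given
        return
    fi
    addr=${spec%%:*}
    case $addr in
        ''|'*') echo wildcard ;;        # empty or "*" means all interfaces
        *)      echo "$addr" ;;
    esac
}

mode=$(effective_gateway_ports "$SAMPLE_CONFIG")
echo "GatewayPorts (global): $mode"
echo "-R 8080:localhost:8080 binds to: $(remote_forward_bind "$mode" 8080:localhost:8080)"
```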




More information about the openssh-unix-dev mailing list