[Bug 530] problems with port forwarding
bugzilla-daemon at mindrot.org
Thu Apr 3 18:58:57 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=530
dtucker at zip.com.au changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID
------- Additional Comments From dtucker at zip.com.au 2003-04-03 18:58 -------
This is a Feature. By default, port forwards listen only on the loopback
interface, which means that only processes on the local machine can connect via
the forward. You can see this with netstat:

    $ ssh -L 20022:127.0.0.1:22 myhost
    myhost> netstat -an
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    [snip]
    tcp        0      0 127.0.0.1:20022         0.0.0.0:*               LISTEN

As you saw, using -g (or GatewayPorts=yes) allows connections on any interface.
This is known as a "wildcard binding" and shows a different "Local Address" in
netstat:

    $ ssh -g -L 20022:127.0.0.1:22 myhost
    myhost> netstat -an
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    [snip]
    tcp        0      0 0.0.0.0:20022           0.0.0.0:*               LISTEN

Using GatewayPorts means that anyone who can connect to your machines can
connect via your tunnel, which is why it defaults to listening on the loopback
only. If you don't like the default you can put "GatewayPorts yes" in
ssh_config.

If different ssh software behaved differently, perhaps it has a different
default or the config file had the equivalent of "GatewayPorts yes" set.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
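
Added example (not part of the original bug comment and not OpenSSH code): a shell check that reads Linux net-tools `netstat -an` output and reports whether a forwarded port is bound to loopback only or to a wildcard or other non-loopback address, which is the difference the comment shows in the "Local Address" column. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify listening TCP sockets from Linux net-tools `netstat -an` output.
# Prints "<port> <loopback|wildcard|specific> <local address>" per listener.
classify_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        n = split(addr, part, ":")          # the port follows the last colon
        port = part[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::" || host == "*")
            kind = "wildcard"               # reachable on every interface
        else if (host ~ /^127\./ || host == "::1")
            kind = "loopback"               # local processes only
        else
            kind = "specific"               # bound to one non-loopback address
        print port, kind, addr
    }'
}

# forward_exposure PORT: reads netstat output on stdin and prints
# "loopback", "exposed" (any non-loopback listener on PORT) or "absent".
forward_exposure() {
    classify_listeners | awk -v p="$1" '
        $1 == p { seen = 1; if ($2 != "loopback") exposed = 1 }
        END {
            if (!seen)        print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample in the same layout as the netstat output quoted above.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:20022         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:20023           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           192.0.2.77:51514        ESTABLISHED
tcp6       0      0 ::1:20024               :::*                    LISTEN
tcp6       0      0 :::20025                :::*                    LISTEN'

printf '%s\n' "$SAMPLE" | classify_listeners
for port in 20022 20023 20024 20025 20026; do
    printf '%s %s\n' "$port" "$(printf '%s\n' "$SAMPLE" | forward_exposure "$port")"
done
```

On a live host the same check is `netstat -an | forward_exposure 20022`.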