bind_address ignored? as in "ssh -R [bind_address]:12491:127.0.0.1:500"

Jon jonathan88 at gmail.com
Sun Aug 15 00:45:18 EST 2010


No answers on secureshell at securityfocus.com

I must be doing something wrong or the server seems to ignore my bind request.

Port forwarding is working; it just binds to all IPs and ignores my bind
request. I've also tried this with an RFC 1918 address as opposed to a
loopback and had the same results.

Google and the archive haven't helped.

Thanks in advance for your time and consideration.

-server-
uname -a
Linux example.com 2.6.18-128.7.1.el5xen #1 SMP Mon Aug 24 10:08:55 EDT 2009 i686 i686 i386 GNU/Linux
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

-sshd_config-
AllowTcpForwarding yes
GatewayPorts yes

-from other system-
ssh -R 127.0.0.10:12491:127.0.0.1:5000 foo at example.com

-messages-
Aug 12 16:22:45 xxx sshd[1440]: debug1: server_input_global_request: tcpip-forward listen 127.0.0.10 port 12491
Aug 12 16:22:45 xxx sshd[1440]: debug1: Local forwarding listening on :: port 12491.
Aug 12 16:22:45 xxx sshd[1440]: debug1: channel 0: new [port listener]
Aug 12 16:22:45 xxx sshd[1440]: debug1: Local forwarding listening on 0.0.0.0 port 12491.
Aug 12 16:22:45 xxx sshd[1440]: error: bind: Address already in use

-check-
netstat -an | grep 12491
tcp        0      0 :::12491                    :::*                        LISTEN

Okay, that didn't work; let's see if "GatewayPorts" is related.

-sshd_config-
AllowTcpForwarding yes
GatewayPorts no

-from other system-
ssh -R 127.0.0.10:12491:127.0.0.1:5000 foo at example.com

-messages-
Aug 12 16:25:26 xxx sshd[1578]: debug1: Local forwarding listening on 127.0.0.1 port 12491.
Aug 12 16:25:26 xxx sshd[1578]: debug1: channel 0: new [port listener]
Aug 12 16:25:26 xxx sshd[1578]: debug1: Local forwarding listening on ::1 port 12491.

-check-
netstat -an | grep 12491
tcp        0      0 127.0.0.1:12491             0.0.0.0:*                   LISTEN
tcp        0      0 ::1:12491                   :::*                        LISTEN

-networking-
eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
         inet addr:xxx.xxx.xxx.xxx  Bcast:xxx.xxx.xxx.xxx  Mask:255.255.252.0
         inet6 addr: fe80::216:3eff:fe6b:1e1d/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:33160 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1240 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:2158440 (2.0 MiB)  TX bytes:228786 (223.4 KiB)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:124 errors:0 dropped:0 overruns:0 frame:0
         TX packets:124 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:11631 (11.3 KiB)  TX bytes:11631 (11.3 KiB)

lo:1      Link encap:Local Loopback
         inet addr:127.0.0.10  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1

-check-
ping 127.0.0.10
PING 127.0.0.10 (127.0.0.10) 56(84) bytes of data.
64 bytes from 127.0.0.10: icmp_seq=1 ttl=64 time=0.025 ms

-check-
ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms

-from man-
GatewayPorts
            Specifies whether remote hosts are allowed to connect to ports
            forwarded for the client.  By default, sshd binds remote port
            forwardings to the loopback address.  This prevents other
            remote hosts from connecting to forwarded ports.  GatewayPorts
            can be used to specify that sshd should allow remote port
            forwardings to bind to non-loopback addresses, thus allowing
            other hosts to connect.  The argument may be "no" to force
            remote port forwardings to be available to the local host
            only, "yes" to force remote port forwardings to bind to the
            wildcard address, or "clientspecified" to allow the client to
            select the address to which the forwarding is bound.  The
            default is "no".
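
Added example, not part of the original post and not OpenSSH code: the shell functions below predict the listen address of a remote forward from the GatewayPorts text quoted above and compare it with `netstat -an` output. The function names and the sample netstat line are constructed for illustration; treating an empty or `*` bind address as the wildcard under "clientspecified" is an assumption taken from the ssh(1) description of -R.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Function names are hypothetical.

# expected_bind GATEWAYPORTS REQUESTED_ADDR -> loopback | wildcard | <address>
expected_bind() {
    case "$1" in
        no)  echo loopback ;;   # local host only, client request ignored
        yes) echo wildcard ;;   # wildcard address, client request ignored
        clientspecified)
            case "$2" in
                ''|'*') echo wildcard ;;  # assumption: per ssh(1) -R
                *)      echo "$2" ;;      # client's address is honoured
            esac ;;
        *) echo unknown; return 1 ;;
    esac
}

# classify ADDR -> wildcard | loopback | other
classify() {
    case "$1" in
        0.0.0.0|::) echo wildcard ;;
        127.*|::1)  echo loopback ;;
        *)          echo other ;;
    esac
}

# listeners PORT: reads Linux `netstat -an` text on stdin and prints the
# local address of every TCP socket in LISTEN state on PORT.
listeners() {
    awk -v port="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, p, ":")
        if (p[n] == port) print substr($4, 1, length($4) - length(port) - 1)
    }'
}

# check_forward GATEWAYPORTS REQUESTED_ADDR PORT   (netstat text on stdin)
# Returns 0 if every listener matches the prediction, 1 if any differs.
check_forward() {
    want=$(expected_bind "$1" "$2") || return 2
    rc=0
    for addr in $(listeners "$3"); do
        case "$want" in
            loopback|wildcard) [ "$(classify "$addr")" = "$want" ] || rc=1 ;;
            *)                 [ "$addr" = "$want" ] || rc=1 ;;
        esac
        echo "listening on $addr, predicted $want"
    done
    return $rc
}

# Constructed sample: one unwrapped netstat line for a wildcard listener.
SAMPLE='tcp        0      0 :::12491       :::*           LISTEN'
printf '%s\n' "$SAMPLE" | check_forward yes 127.0.0.10 12491
```

A wildcard listener satisfies the prediction for "yes" and fails it for "no" or for "clientspecified" with an explicit address, which makes the check usable as an audit for forwarded ports that are reachable from other hosts.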

