Slightly off topic | Two-hops SSH tunnelling.



Guys,

Sorry for the slightly off-topic post, but I couldn't get any working
suggestion from the secureshell mailing list.



I managed to get the following working:

--------------------------------------------------------------------
A firewall between SERVER and CLIENT only allows TCP port 22 from
SERVER to CLIENT (but not vice versa!)

SERVER -------22------> CLIENT

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from CLIENT to SERVER:

SERVER <-----1984------ CLIENT
--------------------------------------------------------------------

by running (on SERVER):
$ ssh -f -N -R 1984:SERVER:1984 CLIENT


Now I'd like to add the next (and last) bit of the configuration to the
picture:

There is another firewall between CLIENT and GOOFY, again only allowing
TCP port 22 from CLIENT to GOOFY (and NOT vice versa!):

SERVER -------22------> CLIENT -------22-------> GOOFY

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from GOOFY to SERVER (through CLIENT):

SERVER <-----1984----- CLIENT
SERVER <----------------(CLIENT)----------1984------ GOOFY

Please note that the remote forwarding of 1984 from CLIENT to SERVER is
already working.

On CLIENT, I ran `ssh -f -N -R 1984:127.0.0.1:1984 GOOFY`

but testing that with telnet from GOOFY, it failed as follows:

[GOOFY]$ telnet localhost 1984
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused


So, how do I do that?
Any security issues I should be aware of?


Thanks in advance


Loris
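
An added example, not part of the original post: a Python model of the two `ssh -R` commands above, following OpenSSH's documented `-R [bind_address:]port:host:hostport` semantics, that traces where a connection to port 1984 on GOOFY is meant to end up and lists any listener bound beyond loopback. The function and class names are assumptions for illustration; it models the intended path only and does not diagnose the refused connection.

```python
from typing import NamedTuple

LOOPBACK = {"127.0.0.1", "localhost"}

class RemoteForward(NamedTuple):
    run_on: str       # host where the ssh client is started
    listen_on: str    # ssh destination; its sshd opens the listening socket
    bind: str         # address the listener binds to on listen_on
    port: int         # listening port on listen_on
    target: tuple     # (host, port) the ssh client on run_on connects to

def parse_remote_forward(run_on, spec, dest):
    """Model `ssh -R [bind_address:]port:host:hostport dest` started on run_on."""
    parts = spec.split(":")           # bracketed IPv6 literals are not handled
    if len(parts) == 3:
        parts.insert(0, "127.0.0.1")  # no bind_address: sshd binds loopback only
    if len(parts) != 4:
        raise ValueError(f"unsupported -R spec: {spec!r}")
    bind, port, host, hostport = parts
    bind = bind or "*"                # empty bind_address means all interfaces
    # A loopback target is resolved on the ssh client side, i.e. on run_on.
    target_host = run_on if host in LOOPBACK else host
    return RemoteForward(run_on, dest, bind, int(port), (target_host, int(hostport)))

def trace(forwards, host, port):
    """Follow a local connection on `host` to `port` through the forwards.
    Simplification: every hop is treated as arriving locally on the listener."""
    path = [(host, port)]
    while True:
        hop = next((f for f in forwards
                    if f.listen_on == path[-1][0] and f.port == path[-1][1]), None)
        if hop is None or hop.target in path:   # end of chain, or a loop
            return path
        path.append(hop.target)

def exposed(forwards):
    """Listeners reachable from other machines (needs GatewayPorts on that sshd)."""
    return [f for f in forwards if f.bind not in LOOPBACK]

# The two commands from the post, as (where it is run, -R argument, destination).
FORWARDS = [
    parse_remote_forward("SERVER", "1984:SERVER:1984", "CLIENT"),
    parse_remote_forward("CLIENT", "1984:127.0.0.1:1984", "GOOFY"),
]

if __name__ == "__main__":
    print(" -> ".join(f"{h}:{p}" for h, p in trace(FORWARDS, "GOOFY", 1984)))
    print("non-loopback listeners:", exposed(FORWARDS))
```

With both forwards left at their default bind address, port 1984 is reachable only by local users of CLIENT and GOOFY; a wildcard bind address on either hop would show up in `exposed()`.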