Re: OpenSSH 3.4p1 port forwarding problem

From: Steve Fabac (smfabac_at_att.net)
Date: 09/02/03


Date: Tue, 02 Sep 2003 05:16:04 GMT


> Reposted after cleaning text wrap problem

I am attempting to set up port forwarding of port 1680 over the SSH
tunnel to allow Carbon Copy on the local Windows machine to connect
to CC on a Windows host at the client's office.

When I proposed this 2 years ago, I had set up a test at another
client's office and I got it to work with very little trouble.
(SCO 5.0.5 Enterprise with either ssh_3.0.p1_os5.tar or ssh-504.tar.
I don't have access to the machine as the company went out of business)

Finally, the client using CC to connect from home to the office using
dial-up has installed DSL at both ends and I have been unable to get CC
working over ssh3.1p1.

I downloaded openssh3.4p1 in VOLS from SKUNKWARE and still no luck.

I'm using Tera Term Pro with SSH extensions to make the connection.
I configured TTPRO to forward 1680 on the local Windows pc to
192.168.10.34:1680 at the client site.

When I try to connect with CC to "localhost" I get the following
message:

"A program on the local machine attempted to connect to a forwarded
port. The forwarding request was denied by the server. The connection
has been closed."

When I model the connection on my office LAN, I connect to server
192.168.111.231 and set TTPRO to forward 1680:192.168.111.10:1680
(the local machine with CC) and use CC to connect to "localhost" I
then get the message:

"Host with IP number 192.168.111.231 tried to connect to forwarded
local port 1680. This could be some kind of hostile attack."
 
This indicates that forwarding is attempted. When I change the forwarding
request to point to a nonexistent host (local 1680:remote 192.168.111.34
:1680), the following appears when running netstat -a:

tcp 0 0 pentium.1301 192.168.111.34.1680 SYN_SENT
tcp 0 0 localhost.2022 *.* LISTEN
tcp 0 0 pentium.22 smf4861.1054 ESTABLISHED
tcp 0 4 pentium.telnet smf4861.1022 ESTABLISHED
tcp 0 0 pentium.telnet smf4861.1023 ESTABLISHED
tcp 0 0 pentium.nb-ssn smf4861.nterm ESTABLISHED
tcp 0 0 *.1266 *.* LISTEN
tcp 0 0 *.1265 *.* LISTEN
tcp 0 0 *.nb-ssn *.* LISTEN
:q

Again, this indicates that port forwarding is configured and should be
working.
 
Yesterday, I was on-site at the client and set up CC on another Win98
system on the local network. I was able to use CC to connect to the
target machine directly 192.168.10.39 -> 192.168.10.34.

But when I installed TTPRO on the .39 machine and used it to connect
to 192.168.10.33 (SCO 5.0.5) and set up forwarding as
local 1680:remote 192.168.10.34:1680, I got the same failed
connection: "A program on the local machine attempted to connect to
a forwarded port. The forwarding request was denied by the server.
The connection has been closed."

Changing the forwarding to "local 1680:remote 192.168.10.101:1680,"
results in a timed out connection attempt and netstat -a showing:

tcp 0 0 wwcpa.1301 192.168.10.101.1680 SYN_SENT
tcp 0 0 localhost.2022 *.* LISTEN
tcp 0 0 wwcpa.22 randy.1054 ESTABLISHED

Again, this appears to show that forwarding is being attempted. What I have
not been able to determine is why CC is failing to connect to the
target machine over the forwarded port.

These tests were conducted after adding: "AllowTcpForwarding yes" to the
default /usr/local/etc/sshd_config file. Adding "GatewayPorts yes" does
not correct the failure.

Does anyone have any information on how to change the sshd_config file
to complete port forwarding to allow CC to communicate over the ssh
tunnel?
 
All suggestions are welcome.

-- 
                                      Steve Fabac
                                       S.M. Fabac & Associates
                                        816/765-1670
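
The netstat check described in the post above, as an added example that is not part of the original post: it parses SCO/BSD-style `netstat -a` TCP lines (address and port joined by a dot) and reports whether the sshd host shows an outbound connection toward a given forward target. The function names and the three status labels are assumptions made for this example; the sample lines are the ones quoted in the post.

```python
from typing import List, NamedTuple, Tuple

# Sample input: the first netstat -a capture quoted in the post, including
# the stray ':q' line, which the parser must skip.
SAMPLE = """\
tcp 0 0 pentium.1301 192.168.111.34.1680 SYN_SENT
tcp 0 0 localhost.2022 *.* LISTEN
tcp 0 0 pentium.22 smf4861.1054 ESTABLISHED
tcp 0 4 pentium.telnet smf4861.1022 ESTABLISHED
tcp 0 0 pentium.telnet smf4861.1023 ESTABLISHED
tcp 0 0 pentium.nb-ssn smf4861.nterm ESTABLISHED
tcp 0 0 *.1266 *.* LISTEN
tcp 0 0 *.1265 *.* LISTEN
tcp 0 0 *.nb-ssn *.* LISTEN
:q
"""

class Conn(NamedTuple):
    local_host: str
    local_port: str
    remote_host: str
    remote_port: str
    state: str

def split_endpoint(endpoint: str) -> Tuple[str, str]:
    """Split 'host.port'; the port (number or service name) follows the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def parse_netstat(text: str) -> List[Conn]:
    """Parse 'proto recv-q send-q local remote state' lines, ignoring anything else."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] != "tcp":
            continue
        conns.append(Conn(*split_endpoint(fields[3]), *split_endpoint(fields[4]), fields[5]))
    return conns

def forward_status(conns: List[Conn], target_host: str, target_port: int) -> str:
    """Classify what the capture shows for connections toward the forward target."""
    states = [c.state for c in conns
              if c.remote_host == target_host and c.remote_port == str(target_port)]
    if "ESTABLISHED" in states:
        return "connected"
    if "SYN_SENT" in states:
        return "attempted-no-answer"   # SYN sent toward the target, no reply yet
    return "no-outbound-attempt"       # no matching line in this capture

if __name__ == "__main__":
    print(forward_status(parse_netstat(SAMPLE), "192.168.111.34", 1680))
```

"no-outbound-attempt" only means the capture has no line for that target; it does not say why.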

