ssh tunnel problems

Rick Bilonick rab at nauticom.net
Mon Jun 23 17:14:37 UTC 2008


On Mon, 2008-06-23 at 13:06 -0400, Rick Bilonick wrote:
> How do you explain that this works fine when going from my home computer
> to an account on my ISP's computer? I followed an example posted on the
> web (which DID have one mistake in using "localhost" which I corrected -
> but the other use of "localhost" is AFAIK correct). In order to do a
> reverse tunnel, don't you have to point to localhost in order to use the
> forwarded port? 
> 
> I don't see this as confusing:
> 
> (on my.work.server which is behind a firewall that blocks incoming ssh
> but not outgoing ssh)
> 
> > ssh -R 2022:my.work.server:22 me@home.computer
> 
> where "my.work.server" is the IP address for my.work.server and
> "home.computer" is the IP address for my home.computer. This sets up the
> port forwarding for a reverse tunnel (that's the -R option). If on
> home.computer I do:
> 
> > netstat -an | grep 2022
> 
> it shows that home.computer is listening to port 2022.
> 
> Then, to use the reverse tunnel (again on home.computer):
> 
> > ssh -p 2022 accnt@localhost
> 
> where "accnt" is the user account on my.work.server and I use the
> password for accnt on my.work.server. This should allow me then to go
> through the ssh tunnel in the reverse direction (getting through the
> firewall that is blocking the use of incoming ssh from the home computer
> to the my.work.server).
> 
> Even after removing everything in hosts.allow on my.work.server, I still
> can't connect.
> 
> This SAME setup works fine if I set up the tunnel from my home computer
> to my account on my ISP's server. And yes I'm using "localhost" similar
> to what I show above. And I've tried it from my.work.server to my
> account on my ISP but have the same problem so the problem is something
> on my.work.server. 
> 
> Is it possible for the firewall to block a reverse tunnel (without
> blocking outgoing ssh)?
> 
> Rick B.
> 

One more thing. I just tried this on another Fedora 8 computer hooked to
a different network (at the same organization) that has a firewall
blocking incoming ssh. I followed the same strategy as outlined above
and it works like a charm. So this procedure DOES work as I've outlined
it above IN PRINCIPLE. For some reason, it doesn't work on the other
server.

Rick B.
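
An added example, not part of the original thread: with `ssh -R port:host:hostport`, the listening port is opened on the machine you log in to, while the connection to `host:hostport` is made from the machine that ran `ssh -R`. The Python sketch below checks that second leg by parsing the `-R` argument and looking for an SSH banner at the destination; the function names are hypothetical, and it assumes a forward spec without IPv6 literals.

```python
import socket
import sys

def parse_remote_forward(spec):
    """Split an ssh -R argument, [bind_address:]port:host:hostport, into fields."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "")  # no bind address given
    if len(parts) != 4:
        raise ValueError("expected [bind_address:]port:host:hostport, got %r" % spec)
    bind, listen_port, dest_host, dest_port = parts
    return {"bind": bind, "listen_port": int(listen_port),
            "dest_host": dest_host, "dest_port": int(dest_port)}

def probe_ssh_banner(host, port, timeout=5.0):
    """Return the SSH identification line served at host:port, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            data = sock.recv(255)
    except OSError:  # refused, filtered, timed out, or name did not resolve
        return None
    line = data.decode("ascii", "replace").splitlines()[0] if data else ""
    return line if line.startswith("SSH-") else None

def check_destination_leg(spec, timeout=5.0):
    """Run on the machine that starts `ssh -R`: can it reach the forward target?"""
    fwd = parse_remote_forward(spec)
    banner = probe_ssh_banner(fwd["dest_host"], fwd["dest_port"], timeout)
    return fwd, banner

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_forward.py [bind_address:]port:host:hostport")
    fwd, banner = check_destination_leg(sys.argv[1])
    target = "%s:%d" % (fwd["dest_host"], fwd["dest_port"])
    if banner:
        print("destination %s answers: %s" % (target, banner))
    else:
        print("no SSH banner from %s as seen from this machine" % target)
```

Calling `probe_ssh_banner("localhost", 2022)` on the machine that holds the listening port checks the tunnel end to end; a listening port that returns no banner means the destination leg is the part that fails.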