
I have trouble enabling SSH remote port forwarding publicly.

On the client side:

ssh -vvv -nNT -p 2222 -R \*:8882:localhost:22 xx@<server_address>

Output:

...

debug2: we sent a password packet, wait for reply

debug1: Authentication succeeded (password).

Authenticated to xxx.com ([xxx.xxx.xxx.xxx]:2222).

debug1: Remote connections from *:8882 forwarded to local address localhost:22

debug2: fd 3 setting TCP_NODELAY

debug3: ssh_packet_set_tos: set IP_TOS 0x10

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

debug1: remote forward success for: listen *:8882, connect localhost:22

debug1: All remote forwarding requests processed

On the server side: (which got GatewayPorts enabled, confirmed with sshd -T)

netstat -an | grep 8882

Output:

tcp        0      0 0.0.0.0:8882            0.0.0.0:*               LISTEN
tcp6       0      0 :::8882                 :::*                    LISTEN

When connecting to localhost (ssh -p 8882 xx@localhost), it does work and I can log in to the SSH shell of the client. However, ssh just hangs there and does nothing if I change localhost to my local IP, or even 127.0.0.1; there is also no debug output on the client side.

As seen from the netstat output, port 8882 seems to be bound to all interfaces and should work publicly, but it doesn't. What have I done wrong?

  • Did you ever solve your problem? I'm in the same predicament (apparently). In my case I have a self-compiled kernel/rootfs (5.7/Buildroot), so I might have goofed somewhere :/
    – ZioByte
    Commented Aug 8, 2020 at 9:06
  • @ZioByte I am sorry but no, I never did solve the issue. IIRC, I switched to another machine and it works again. Maybe it's due to hidden bugs in specific SSH versions, or maybe kernel versions? Not really sure... Commented Aug 11, 2020 at 19:15

2 Answers


The setting in sshd_config that allows tunneling is AllowTcpForwarding. Remember to restart sshd for it to take effect.

  • AllowTcpForwarding is set to yes. It is confirmed by ssh -T | grep allowtcpforwarding and I still cannot connect to the port with my IP address, only with localhost. Commented Aug 21, 2016 at 19:34
  • Do you have iptables enabled on the remote server?
    – NuTTyX
    Commented Aug 21, 2016 at 20:19
  • No, I don't. The HTTP and SSH servers are fine and accessible publicly; it's just the tunnel port that doesn't work. Commented Aug 22, 2016 at 1:24
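Added example, not from the original answer: how the two sshd directives fit together when a public remote forward is wanted for one account only. Leaving GatewayPorts at yes globally forces every user's -R forwards onto all interfaces; scoping it with a Match block and using clientspecified lets only that account choose a non-loopback bind address. The account name tunnel is an assumption; the directive syntax is from sshd_config(5).

```conf
# Added example (not from the answer): server-side sshd_config fragment.
# Global defaults stay restrictive.
AllowTcpForwarding no
GatewayPorts no

# Only the assumed "tunnel" account may open reverse forwards, and only it may
# bind them to a non-loopback address, and only when the client asks for it.
Match User tunnel
    AllowTcpForwarding remote
    GatewayPorts clientspecified
```

With clientspecified the client has to request the wildcard bind explicitly (ssh -N -R '*:8882:localhost:22' tunnel@server); a plain -R 8882:localhost:22 still lands on loopback. Check the values sshd will actually apply for that account with sshd -T -C user=tunnel, which evaluates the Match block, rather than plain sshd -T, which shows only the global settings.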

I encountered the same problem and after a morning's googling I found it is related to the iptables/firewall of the remote server. It seems the reason is that port 2222 is not open. I then solved this problem by executing the following commands on the remote server (CentOS 7):

firewall-cmd --zone=public --add-port=2222/tcp 
firewall-cmd --reload

It should also work by editing iptables directly, but I did not try it. Although this answer is very late for this question, I hope it may help someone who faces the same problem.

  • Thank you, I had the exact same problem description as OP, and it turned out the firewall was the final stumbling block in my case; for an Ubuntu server, I had to use sudo ufw allow PORT comment '...', sudo ufw status numbered | grep PORT, and sudo ufw delete allow PORT to manage the firewall permissions for port-forwarded port access
    – sdbbs
    Commented May 8 at 17:40
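The question shows the two server-side checks (sshd -T and netstat) passing while outside connections still hang, and the firewall answer above is the piece that was missing. As an added example that is not part of the original question or answers, the script below runs those three checks in the order a connection traverses them: sshd's effective config, the listener's bind address, and the INPUT chain. It works entirely on text so it can be run offline; the samples embedded in it are constructed to mimic sshd -T, netstat -an and iptables -S output and reproduce the original poster's situation (config and listener fine, firewall missing the port). The port 8882 and the rule set are assumptions.

```shell
#!/bin/sh
# Added example, not from the original question or answers: offline triage of
# the three places a "GatewayPorts" remote forward (ssh -R '*:PORT:...') can
# fail on the server. All inputs are plain text. On a real host feed the real
# commands' output instead of the constructed samples, e.g.
#   triage "$(sshd -T)" "$(netstat -an)" "$(iptables -S)" 8882

# check_sshd_config SSHD_T_OUTPUT
# Returns 0 if sshd both accepts -R forwards and lets them bind a non-loopback
# address; otherwise prints the offending directive and returns 1.
check_sshd_config() {
    cfg=$1
    fwd=$(printf '%s\n' "$cfg" | awk '$1 == "allowtcpforwarding" { print $2 }')
    gw=$(printf '%s\n' "$cfg" | awk '$1 == "gatewayports" { print $2 }')
    case $fwd in
        yes|remote) ;;
        *) echo "allowtcpforwarding=${fwd:-unset}: remote forwards are refused"; return 1 ;;
    esac
    case $gw in
        yes|clientspecified) ;;
        *) echo "gatewayports=${gw:-no}: forwards bind to loopback only"; return 1 ;;
    esac
    return 0
}

# check_listener NETSTAT_OUTPUT PORT
# Returns 0 if PORT is in LISTEN state on a non-loopback address (0.0.0.0, ::
# or a specific interface address); 1 if absent or bound only to 127.0.0.1/::1.
check_listener() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $NF == "LISTEN" {
            n = split($4, a, ":")                   # port follows the last colon
            if (a[n] != p) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr != "127.0.0.1" && addr != "::1") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# check_firewall IPTABLES_S_OUTPUT PORT
# Returns 0 if the INPUT chain accepts tcp/PORT: either its policy is ACCEPT or
# an explicit "--dport PORT -j ACCEPT" rule exists. Deliberately simple: it
# ignores rule order, multiport matches and the ufw/firewalld wrapper chains.
check_firewall() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "-P" && $2 == "INPUT" && $3 == "ACCEPT" { ok = 1 }
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == p) ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# triage SSHD_T_OUTPUT NETSTAT_OUTPUT IPTABLES_S_OUTPUT PORT
# Runs the three checks and returns the number that failed (0 means the port
# should be reachable from outside, barring upstream routing or NAT).
triage() {
    port=$4
    fails=0
    check_sshd_config "$1" || fails=$((fails + 1))
    if check_listener "$2" "$port"; then
        echo "tcp/$port is listening on a non-loopback address"
    else
        echo "tcp/$port is not listening publicly (GatewayPorts/AllowTcpForwarding or bind failure)"
        fails=$((fails + 1))
    fi
    if check_firewall "$3" "$port"; then
        echo "INPUT chain accepts tcp/$port"
    else
        echo "INPUT chain has no ACCEPT for tcp/$port: open it on the server (firewall-cmd/ufw/iptables)"
        fails=$((fails + 1))
    fi
    return $fails
}

# Constructed samples (not real command output) reproducing the original
# poster's situation: sshd allows and exposes the forward, the listener is on
# 0.0.0.0/::, but the firewall only admits sshd's own port (2222) and HTTP.
SAMPLE_SSHD_T='port 2222
allowtcpforwarding yes
gatewayports yes
permitrootlogin no'

SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8882            0.0.0.0:*               LISTEN
tcp6       0      0 :::8882                 :::*                    LISTEN'

SAMPLE_IPTABLES='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

triage "$SAMPLE_SSHD_T" "$SAMPLE_NETSTAT" "$SAMPLE_IPTABLES" 8882 || echo "triage: $? check(s) failed"
```

On the sample data the first two checks pass and only the firewall check fails, which is exactly the symptom in the question: the socket is bound to all interfaces, loopback works, and an outside SYN is silently dropped so the client hangs with no debug output. The firewall parser is intentionally naive; on a ufw or firewalld host inspect the wrapper chains (ufw-user-input, IN_public_allow) or use the tool's own status command as the comment under the second answer does.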
