
I have a scenario where I need to open up a port for a server behind an ISP that appears to be blocking traffic. In this case I have a dedicated server remotely that I can ssh into and use whatever ports I wish. My desire is to ssh in from the server behind this firewall to the dedicated server and then to open a port generally for this other app's client to access at will.

I had thought it was as simple as, from the server behind the ISP firewall:

ssh username@remote_server_ip -R remote_server_ip:12345:localhost:12345

And then to simply connect with the client software to remoteserver:12345 as the server setting.

Additionally, I have sshd_config set to GatewayPorts clientspecified, and when I check netstat -tln | grep 12345 on the remote_server I'm seeing:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                Foreign Address             State      
tcp        0      0 remote_server_ip:12345       0.0.0.0:*                   LISTEN 

Unfortunately this is seemingly not working. I am suspecting that I am getting something off on the ssh arguments. Any ideas?

  • I suppose you don't want -R, if you're running the ssh client app from behind the firewall, AND your regular client is also behind the firewall. So you want the listening to be happening at the ssh client. So that's -L, which is default, not -R. Try that. So, with -L. (Also I'm curious if it works without -L, but it looks to me like you don't want -R.) So try changing your command from saying -R to saying -L.
    – barlop
    Commented Sep 6, 2013 at 3:03
  • As I understand this from the man page one would use this very argument above to forward traffic from remote_server:12345 back to the initiating ssh on localhost server which is behind the firewall. I've been over this again and again and as per the man page, this seems correct and without error.
    – ylluminate
    Commented Sep 6, 2013 at 3:31
  • OK, so your firewall is blocking incoming and allowing your ssh client out. And your regular servers are at the ssh client's end; I see from your last comment that they are. So yeah, you want -R. How are you connecting your regular client afterwards? Perhaps your tunnel is working but you're failing when connecting your client to it. Can you paste both the command for setting up the tunnel (which you've done), the result (some output? no output?), the command for connecting the regular client to it and the output.
    – barlop
    Commented Sep 6, 2013 at 8:24
  • Also, if you're just troubleshooting it then you could leave out the GatewayPorts line in sshd_config, or let it be the default no, and connect directly. Furthermore, perhaps you can show output showing whether your ssh connection is even established or not. I'm guessing it's established. Maybe you got this wrong. You wrote ssh username@remote_server_ip -R remote_server_ip:12345:localhost:12345 Try changing it to ssh username@remote_server_ip -R 127.0.0.1:12345:localhost:12345 or ssh username@remote_server_ip -R 0.0.0.0:12345:localhost:12345 or
    – barlop
    Commented Sep 6, 2013 at 14:26
  • ssh username@remote_server_ip -R *:12345:localhost:12345 Or try replacing * with the local IP. Maybe when you did ssh username@remote_server_ip -R remote_server_ip:12345:localhost:12345 you used the same remote_server_ip. And that's wrong, 'cos the latter has to be local (e.g. 192...) or loopback or */0.0.0.0.
    – barlop
    Commented Sep 6, 2013 at 14:29

1 Answer

If I understand properly, you want to create an ssh tunnel from your machine behind the ISP and expose its service through a port on the SSH server.

If that's the case your command line appears correct. I do something similar.

You have enabled GatewayPorts in the sshd config so all that is good; if you didn't do that you could only bind the port to the loopback address 127.0.0.1 on the ssh server.

Quick note, I had to reboot my ssh server for the GatewayPorts option to start working. Restarting the sshd service should be enough but it didn't work for me.

I see that you aren't specifying a port for the ssh server, which means you are using port 22; your ISP may be tampering with it in some way.

One other thing, whatever service you want to access on the server behind the ISP, make sure its port is bound to the 127.0.0.1 interface because that's where you're pointing your tunnel. Also, check that your service is accepting connections from that interface and double check the port it's running on.

@barlop -R 127.0.0.1:12345:localhost:12345 would be wrong, the service would only be accessible to someone connecting on the loopback adapter.

But reading barlop's post I realized something: keep in mind that the way you set your command, the port that is being opened on the ssh server will be bound to the same IP running your SSH server. Which means the service is being exposed to the internet; maybe it's what you want, but if the people who need the service connect from the LAN then you need to bind this port to the LAN IP of the ssh server. ALSO, are you SURE that the ssh server you are connecting to isn't behind a firewall which is forwarding port 22 to the server internally? If that's the case it means you are asking the ssh server to open a port on an IP that belongs to the firewall, which is impossible obviously.

In that scenario you would need to open a port on the ssh server's own LAN IP, then the local machines could connect directly there; if you wanted to expose the service to the internet then you need to forward a port from the firewall to the port you opened on the ssh server.

Just trying to cover everything, it's hard to get a clear picture of what's going on without more info on the infrastructure.

Awww the pleasures of networking.
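The bind-address rules that barlop's comments and the answer above argue over can be checked mechanically. The following shell functions are an added example, not code from the question or the answer: `effective_bind` applies the GatewayPorts semantics from sshd_config(5) to a `-R` spec and prints the address sshd will actually listen on, and `bindable` checks whether that address is one the sshd host itself owns (the NAT-router case the answer raises). The address 203.0.113.10 and the local address list are constructed sample values; IPv6 bracketed bind addresses are not handled.

```shell
#!/bin/sh
# Added example: predict what sshd will listen on for a given -R spec.
# Semantics per sshd_config(5): GatewayPorts no  -> loopback only,
#                               GatewayPorts yes -> wildcard address,
#                               clientspecified  -> honour the client's bind_address.

# effective_bind GATEWAYPORTS RSPEC
#   RSPEC is [bind_address:]port:host:hostport exactly as given to ssh -R.
#   Prints LISTEN_ADDR:PORT on stdout; returns 1 on an unparsable spec.
effective_bind() {
    gw=$1 spec=$2
    # Three colons means a bind_address is present, two means it is absent.
    n=$(printf '%s' "$spec" | tr -cd ':' | wc -c)
    n=$((n))                                   # strip padding some wc print
    case $n in
        3) req=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*} ;;
        2) req=""; port=${spec%%:*} ;;
        *) echo "bad -R spec: $spec" >&2; return 1 ;;
    esac
    case $gw in
        no)  addr=127.0.0.1 ;;                 # requested address is ignored
        yes) addr=0.0.0.0 ;;                   # requested address is ignored
        clientspecified)
            case $req in
                ""|"*"|0.0.0.0) addr=0.0.0.0 ;;   # empty or * -> all interfaces
                localhost)      addr=127.0.0.1 ;;
                *)              addr=$req ;;      # must be an address sshd's host owns
            esac ;;
        *) echo "unknown GatewayPorts value: $gw" >&2; return 1 ;;
    esac
    printf '%s:%s\n' "$addr" "$port"
}

# bindable LISTEN_ADDR:PORT "LOCAL_ADDRS"
#   Succeeds if the sshd host, owning the space-separated LOCAL_ADDRS
#   (e.g. collected from `ip -o -4 addr`), can bind LISTEN_ADDR. A public
#   IP that really belongs to a router in front of the host is not bindable.
bindable() {
    addr=${1%%:*}
    case $addr in
        0.0.0.0|127.0.0.1) return 0 ;;
    esac
    for a in $2; do
        [ "$a" = "$addr" ] && return 0
    done
    return 1
}

# Constructed sample: the question's command, with 203.0.113.10 standing in
# for remote_server_ip, under GatewayPorts clientspecified.
effective_bind clientspecified '203.0.113.10:12345:localhost:12345'
```

If `bindable` fails for the printed address, the port forward is being requested on an address the server does not hold and sshd will refuse the listen, which is the firewall-owned-IP situation described in the answer.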
