On Mon, 2008-06-23 at 14:10 -0700, Mike wrote:
> On Mon, 23 Jun 2008, Rick Bilonick wrote:
>
> >
> > On Mon, 2008-06-23 at 13:06 -0400, Rick Bilonick wrote:
> >> How do you explain that this works fine when going from my home computer
> >> to an account on my ISP's computer? I followed an example posted on the
> >> web (which DID have one mistake in using "localhost" which I corrected -
> >> but the other use of "localhost" is AFAIK correct). In order to do a
> >> reverse tunnel, don't you have to point to localhost in order to use the
> >> forwarded port?
> >>
> >> I don't see this as confusing:
> >>
> >> (on my.work.server which is behind a firewall that blocks incoming ssh
> >> but not outgoing ssh)
> >>
> >>> ssh -R 2022:my.work.server:22 me@xxxxxxxxxxxxx
> >>
> >> where "my.work.server" is the IP address for my.work.server and
> >> "home.computer" is the IP address for my home.computer. This sets up the
> >> port forwarding for a reverse tunnel (that's the -R option). If on
> >> home.computer I do:
> >>
> >>> netstat -an | grep 2022
> >>
> >> it shows that home.computer is listening to port 2022.
> >>
> >> Then, to use the reverse tunnel (again on home.computer):
> >>
> >>> ssh -p 2022 accnt@localhost
> >>
> >> where "accnt" is the user account on my.work.server and I use the
> >> password for accnt on my.work.server. This should allow me then to go
> >> through the ssh tunnel in the reverse direction (getting through the
> >> firewall that is blocking the use of incoming ssh from the home computer
> >> to the my.work.server).
> >>
> >> Even after removing everything in hosts.allow on my.work.server, I still
> >> can't connect.
> >>
> >> This SAME set up works fine if I set up the tunnel from my home computer
> >> to my account on my ISP's server. And yes I'm using "localhost" similar
> >> to what I show above. And I've tried it from my.work.server to my
> >> account on my ISP but have the same problem so the problem is something
> >> on my.work.server.
> >>
> >> Is it possible for the firewall to block a reverse tunnel (without
> >> blocking outgoing ssh)?
> >>
> >> Rick B.
> >>
> >
> > One more thing. I just tried this on another Fedora 8 computer hooked to
> > a different network (at the same organization) that has a fire wall
> > blocking incoming ssh. I followed the same strategy as outlined above
> > and it works like a charm. So this procedure DOES work as I've outlined
> > it above IN PRINCIPLE. For some reason, it doesn't work on the other
> > server.
> >
> > Rick B.
> >
>
> I haven't followed this thread closely but... On the server that does not
> work do you know if the line "AllowTcpForwarding yes" is present in
> /etc/ssh/sshd_config ?
>
> --Mike
>

I checked and it was set to "no" but commented. I set it to yes and
un-commented it, restarted the network, but still same error message.

I will have more time tomorrow to redo and include -v, etc. I'm also
planning on setting up my Fedora 8 laptop to replace the server
temporarily to try creating the tunnel on the network. I was able to get
the laptop to work on another network. At least this might let me know
that it's the server configuration that is the problem.

Rick B.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
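
As an added example (not part of the thread), a check of which `AllowTcpForwarding` value an sshd_config file actually yields in its global section: commented lines are ignored, the first active value wins, and the OpenSSH default is `yes`. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the global AllowTcpForwarding value from an sshd_config file.

# effective_forwarding FILE
# Prints the first active (uncommented) global AllowTcpForwarding value,
# or "yes" (the OpenSSH default) when no active line sets it.
effective_forwarding() {
    awk '
        /^[ \t]*#/ { next }                         # commented-out lines are ignored
        /^[ \t]*$/ { next }                         # so are blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)                # drop leading indentation
            sub(/[ \t]*=[ \t]*/, " ", line)         # accept the "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                     # keywords are case-insensitive
            if (key == "match") exit                # global section ends at the first Match
            if (key == "allowtcpforwarding") {
                gsub(/"/, "", f[2])                 # strip optional quotes
                print f[2]; found = 1; exit         # first value obtained wins
            }
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# remote_forward_permitted FILE
# Succeeds when the resolved value allows remote (ssh -R) forwarding.
remote_forward_permitted() {
    case "$(effective_forwarding "$1")" in
        yes|all|remote) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the keyword is present only as a comment, as in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#AllowTcpForwarding no
X11Forwarding yes
EOF
echo "effective AllowTcpForwarding: $(effective_forwarding "$sample")"
rm -f "$sample"
```

For an `ssh -R` forward the setting is enforced by the sshd that accepts that connection, and an edited value only takes effect once sshd itself is restarted or reloaded.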