SSH tunnel
local tunnel
[pl@client ~]$ ssh -fNL :2323:target.euphoria.fr:23 pl@server
[pl@client ~]$ netstat -pltn --ip
Proto Recv-Q Send-Q Local Address State PID/Program name
tcp 0 0 0.0.0.0:2323 LISTEN 1982/ssh
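bind address: OK (with an empty bind address, the forward listens on all interfaces, 0.0.0.0, so any host that can reach the client can use the tunnel)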
[pl@client ~]$ ps -C ssh -ocmd
CMD
ssh -fNL :2323:target.euphoria.fr:23 pl@server
[pl@client ~]$ telnet localhost 2323
[pl@epsilon ~]$ telnet client 2323
remote tunnel
[pl@client ~]$ ssh -R *:2323:target.euphoria.fr:23 pl@server
[pl@server ~]$ netstat -ltn --ip
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale Etat
tcp 0 0 0.0.0.0:111 LISTEN
tcp 0 0 127.0.0.1:2323 LISTEN
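bind address: KO! Despite the * given to -R, the forward listens on 127.0.0.1 only (sshd's GatewayPorts setting defaults to no), so a local relay is added on the server: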
[pl@server ~]$ ssh -fNL *:6666:localhost:2323 localhost
[pl@server ~]$ netstat -ltn --ip
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale Etat
tcp 0 0 0.0.0.0:41761 LISTEN
tcp 0 0 0.0.0.0:6666 LISTEN
tcp 0 0 0.0.0.0:111 LISTEN
tcp 0 0 127.0.0.1:2323 LISTEN
Now it is almost okay: port 6666 listens on all interfaces and relays to the loopback-only port 2323.
[pl@epsilon ~]$ telnet server 6666
Trying server...
telnet: connect to address server: No route to host
checking firewall
[pl@server ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
open the door!
[pl@server ~]$ sudo iptables -I INPUT 6 -p tcp --dport 6666 -j ACCEPT
[pl@epsilon ~]$ telnet server 6666
Now it is okay.
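
The bind-address check done by eye above (OK / KO), as an added example that is not part of the original page: a shell function that reads `netstat -ltn --ip` output and reports whether a forwarded port is reachable from other hosts. The function name `bind_scope` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage on a live host:  netstat -ltn --ip | bind_scope 2323

# bind_scope PORT  -- reads netstat -ltn output on stdin and prints one of:
#   all-interfaces   listener on 0.0.0.0 / * / ::  (reachable from other hosts)
#   address:ADDR     listener on one specific non-loopback address
#   loopback-only    listener on 127.x or ::1      (local use only)
#   not-listening    no TCP listener on that port
# If several listeners share the port, the widest exposure is reported.
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && /LISTEN/ {
            n = split($4, part, ":")          # local address is field 4
            if (part[n] != port) next         # exact port match (23 != 2323)
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "::") rank = 3
            else if (addr ~ /^127\./ || addr == "::1")            rank = 1
            else                                                    rank = 2
            if (rank > best) { best = rank; seen = addr }
        }
        END {
            if (best == 3)      print "all-interfaces"
            else if (best == 2) print "address:" seen
            else if (best == 1) print "loopback-only"
            else                print "not-listening"
        }'
}

# Constructed sample: the server after the -R forward and the -L relay.
SAMPLE_SERVER='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:6666     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:2323   0.0.0.0:*        LISTEN'
```

A result of all-interfaces only means the socket accepts remote connections; the firewall rules checked above still decide whether packets reach it.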
Philippe Langevin,
April 2013.