[SATLUG] Datapipe networking with ssh port forwarding

Christopher Lemire christopher.lemire at gmail.com
Tue Mar 22 07:29:47 CDT 2011


On Tue, Mar 22, 2011 at 7:04 AM, Don Davis <dondavis at reglue.org> wrote:
> -L might be more limiting than -D. Do you know that the intermediary
> supports/allows port forwarding?
>
>
> How about:
>
> ssh -C -N -f -D 60000 user@remotehost.net
>
> On 03/22/2011 06:44 AM, Christopher Lemire wrote:
>> Hello SATLUG, I need some help if anybody sees what I am doing wrong. I am
>> trying to connect my irc client from my computer to an irc network but not
>> directly to it. After googling, I found a project on github.
>>
>> https://github.com/bovine/datapipe/blob/master/datapipe.c
>>
>> It compiled fine.
>> I found instructions in the comments of the source file.
>>
>> I will try to explain the best I can what I am attempting to do. If my
>> computer is called A, another computer called B and the irc server is called
>> C. I would like to connect X-Chat to localhost:60000 and as a result, my
>> computer, A is connected to C with B as a go-between. So I logged into B
>> with ssh.
>>
>> main201:~> ./datapipe
>> Usage: ./datapipe localhost localport remotehost remoteport
>> main201:~> ./datapipe 129.115.28.161 60000 irc.freenode.net 6667
>> main201:~> nc 129.115.28.161 60000
>> :gibson.freenode.net NOTICE * :*** Looking up your hostname...
>> :gibson.freenode.net NOTICE * :*** Checking Ident
>> :gibson.freenode.net NOTICE * :*** No Ident response
>> :gibson.freenode.net NOTICE * :*** Found your hostname
>>
>> So I know that part is working because I tested the connection with
>> netcat. 129.115.28.161 is the lan ip address of computer B (ip of device
>> eth0). Now in order to connect my computer, A, to the irc server C, through
>> B, I think I need to create a ssh port forwarding tunnel. B does have an ssh
>> server.
>>
>> I attempted to do this by running this command on my computer A.
>>
>> ssh -l user -L 60000:10.71.0.254:60000 <domain of B>
>>
>> 10.71.0.254 is the LAN ip of my computer A for the device wlan0 (the one I
>> am connected to the internet through).
>>
>> Then I set X-Chat to connect to localhost:60000. The connection is refused.
>> Somewhere I must have made a tiny mistake, but I haven't been able to figure
>> out where I went wrong.
>>
>> If anybody can help, please do. Thanks.
>>

http://vpaste.net/c1Jy0?

That is the /etc/ssh/sshd_config

Yes, I know. It has bad configurations like being readable by
non-privileged users and permitting root login, but I am not the one who
did that. A bad Linux sysadmin is in charge of that network.

I don't see anything in that file preventing intermediary supports/ssh
port forwarding.


From 'man sshd_config':

     AllowTcpForwarding
             Specifies whether TCP forwarding is permitted.  The default is
             “yes”.  Note that disabling TCP forwarding does not improve
             security unless users are also denied shell access, as they can
             always install their own forwarders.

Because that option is not in the config, the ssh server should
default to "yes", allowing it.

I tried using the command you gave with the -D option instead. It
didn't seem to work.

-- 
Christopher Lemire <christopher.lemire at gmail.com>
Ubuntu 64 bit Linux Raid Level 0

Gnu Privacy Guard Key Fingerprint = 3E1A 9103 EF3D 4885 6866  E9DE C69F 18B3 E13B 0909

Web: http://linuxinnovations.blogspot.com
Jabber: recursivequicksort at jabber.org
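
The check made by eye in the message above (an absent AllowTcpForwarding line means the default applies) can be done mechanically. This is an added example, not part of the original post and not OpenSSH code: the function names and the sample config are constructed for illustration, and Include directives are not followed.

```python
import re

# Defaults documented in sshd_config(5) for the forwarding-related keywords.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permitopen": "any"}

def effective_forwarding(config_text):
    """Return (global_settings, match_overrides) for the keywords in DEFAULTS.

    global_settings maps keyword -> (value, source); match_overrides lists
    (match_condition, keyword, value, line_number) found inside Match blocks.
    """
    settings = {k: (v, "default") for k, v in DEFAULTS.items()}
    overrides, match_cond = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or commented-out line
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                     # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                         # applies until next Match / EOF
            match_cond = value
        elif key in DEFAULTS:
            if match_cond is not None:
                overrides.append((match_cond, key, value, lineno))
            elif settings[key][1] == "default":    # first value obtained wins
                settings[key] = (value, f"line {lineno}")
    return settings, overrides

def local_forward_allowed(settings):
    """True if the global scope permits client-side (-L) forwarding."""
    return settings["allowtcpforwarding"][0].lower() in ("yes", "all", "local")

# Constructed sample, not the file from the post: the keyword appears only as
# a comment and inside a Match block, so the global value is the default.
SAMPLE = """\
PermitRootLogin yes
#AllowTcpForwarding yes
GatewayPorts no
GatewayPorts yes
Match User guest
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    settings, overrides = effective_forwarding(SAMPLE)
    for key, (value, source) in settings.items():
        print(f"{key:20} {value:5} ({source})")
    for cond, key, value, lineno in overrides:
        print(f"Match {cond}: {key} {value} (line {lineno})")
```

A Match block that applies to the connecting user can still override the global value, which is why the overrides are reported separately. Where root access is available, `sshd -T` prints the configuration the server actually uses.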
