[SATLUG] Datapipe networking with ssh port forwarding

Christopher Lemire christopher.lemire at gmail.com
Tue Mar 22 09:21:32 CDT 2011


On Tue, Mar 22, 2011 at 7:29 AM, Christopher Lemire
<christopher.lemire at gmail.com> wrote:
> On Tue, Mar 22, 2011 at 7:04 AM, Don Davis <dondavis at reglue.org> wrote:
>> -L might be more limiting than -D. Do you know that the intermediary
>> supports/ allows port forwarding?
>>
>>
>> How about:
>>
>> ssh -C -N -f -D 60000 user at remotehost.net
>>
>> On 03/22/2011 06:44 AM, Christopher Lemire wrote:
>>> Hello SATLUG, I need some help if anybody sees what I am doing wrong. I am
>>> trying to connect my irc client from my computer to an irc network but not
>>> directly to it. After googling, I found a project on github.
>>>
>>> https://github.com/bovine/datapipe/blob/master/datapipe.c
>>>
>>> It compiled fine.
>>> I found instructions in the comments of the source file.
>>>
>>> I will try to explain the best I can what I am attempting to do. If my
>>> computer is called A, another computer called B and the irc server is called
>>> C. I would like to connect X-Chat to localhost:60000 and as a result, my
>>> computer, A is connected to C with B as a go-between. So I logged into B
>>> with ssh.
>>>
>>> main201:~> ./datapipe
>>> Usage: ./datapipe localhost localport remotehost remoteport
>>> main201:~> ./datapipe 129.115.28.161 60000 irc.freenode.net 6667
>>> main201:~> nc 129.115.28.161 60000
>>> :gibson.freenode.net NOTICE * :*** Looking up your hostname...
>>> :gibson.freenode.net NOTICE * :*** Checking Ident
>>> :gibson.freenode.net NOTICE * :*** No Ident response
>>> :gibson.freenode.net NOTICE * :*** Found your hostname
>>>
>>> So I know that part is working because I tested the connection with
>>> netcat. 129.115.28.161 is the lan ip address of computer B (ip of device
>>> eth0). Now in order to connect my computer, A, to the irc server C, through
>>> B, I think I need to create a ssh port forwarding tunnel. B does have an ssh
>>> server.
>>>
>>> I attempted to do this by running this command on my computer A.
>>>
>>> ssh -l user -L 60000:10.71.0.254:60000 <domain of B>
>>>
>>> 10.71.0.254 is the LAN ip of my computer A for the device wlan0 (the one I
>>> am connected to the internet through).
>>>
>>> Then I set X-Chat to connect to localhost:60000. The connection is refused.
>>> Somewhere I must have made a tiny mistake, but I haven't been able to figure
>>> out where I went wrong.
>>>
>>> If anybody can help, please do. Thanks.
>>>
>
> http://vpaste.net/c1Jy0?
>
> That is the /etc/ssh/sshd_config
>
> Yes, I know. It has bad configurations like being readable by non
> privileged users and permitting root login, but I am not the one who
> did that. A bad Linux sysadmin is in charge of that network.
>
> I don't see anything in that file preventing intermediary supports/ssh
> port forwarding.
>
>
> From 'man sshd_config' :
>
>     AllowTcpForwarding
>             Specifies whether TCP forwarding is permitted.  The default
>             is “yes”.  Note that disabling TCP forwarding does not
>             improve security unless users are also denied shell access,
>             as they can always install their own forwarders.
>
> Because that option is not in the config, the ssh server should
> default to "yes", allowing it.
>
> I tried using the command you gave with the -D option instead. It
> didn't seem to work.
>
> --
> Christopher Lemire <christopher.lemire at gmail.com>
> Ubuntu 64 bit Linux Raid Level 0
>
> Gnu Privacy Guard Key Fingerprint = 3E1A 9103 EF3D 4885 6866  E9DE
> C69F 18B3 E13B 0909
>
> Web: http://linuxinnovations.blogspot.com
> Jabber: recursivequicksort at jabber.org
>

Update:

➜  ~  sudo nmap -p55555,50000,60000 127.0.0.1

Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-22 09:19 CDT
Nmap scan report for localhost.localdomain (127.0.0.1)
Host is up (0.000066s latency).
PORT      STATE  SERVICE
50000/tcp closed iiimsf
55555/tcp open   unknown
60000/tcp open   unknown

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
➜  ~  sudo nmap -p55555,50000,60000 10.71.0.254

Starting Nmap 5.21 ( http://nmap.org ) at 2011-03-22 09:19 CDT
Nmap scan report for 10.71.0.254
Host is up (0.000069s latency).
PORT      STATE  SERVICE
50000/tcp closed iiimsf
55555/tcp closed unknown
60000/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
➜  ~

wlan0's IP is 10.71.0.254, so the ssh port forward must have worked
and bound to the loopback device only. That's what I put in X-Chat
for it to connect to. The strange thing is that when I want to check
what happens with netcat, it just hangs there doing nothing, but if I
check with netcat on the other computer, I get a response from the IRC
server.

-- 
Christopher Lemire <christopher.lemire at gmail.com>
Ubuntu 64 bit Linux Raid Level 0

Gnu Privacy Guard Key Fingerprint = 3E1A 9103 EF3D 4885 6866  E9DE
C69F 18B3 E13B 0909

Web: http://linuxinnovations.blogspot.com
Jabber: recursivequicksort at jabber.org
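
An added example, not part of the original post or of the datapipe project: a small model of how OpenSSH reads a `-L [bind_address:]port:host:hostport` spec, where the listening side lives on the ssh client and `host:hostport` is connected to from the ssh server. The helper names are hypothetical, the addresses are the ones quoted in the thread, and the datapipe listener is assumed to be bound only to the address given on its command line.

```python
# Added example (not from the thread): model of ssh -L [bind_address:]port:host:hostport
from dataclasses import dataclass

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WILDCARD = {"", "*", "0.0.0.0", "::"}

@dataclass(frozen=True)
class LocalForward:
    bind_addr: str  # where the ssh client (computer A) listens
    bind_port: int
    dest_host: str  # address the ssh server (computer B) connects to
    dest_port: int

def split_spec(spec):
    """Split on ':' outside [brackets] so IPv6 literals survive."""
    parts, buf, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    return [p.strip("[]") for p in parts]

def parse_local_forward(spec):
    parts = split_spec(spec)
    if len(parts) == 3:  # no bind_address: loopback unless GatewayPorts is set
        parts.insert(0, "localhost")
    if len(parts) != 4:
        raise ValueError(f"bad -L spec: {spec!r}")
    bind, port, host, hostport = parts
    return LocalForward(bind, int(port), host, int(hostport))

def reaches(fwd, listen_addr, listen_port, server_addrs):
    """True if the server-side connect lands on a listener at listen_addr:listen_port."""
    if fwd.dest_port != listen_port:
        return False
    if listen_addr in WILDCARD:  # listener accepts on every address of the server
        return fwd.dest_host in LOOPBACK or fwd.dest_host in server_addrs
    if listen_addr in LOOPBACK:
        return fwd.dest_host in LOOPBACK
    return fwd.dest_host == listen_addr and listen_addr in server_addrs

# Constructed inputs built from the addresses quoted in the thread.
B_ADDRS = {"129.115.28.161"}
posted = parse_local_forward("60000:10.71.0.254:60000")
to_pipe = parse_local_forward("60000:129.115.28.161:60000")
```

`reaches(posted, "129.115.28.161", 60000, B_ADDRS)` is False while the same call with `to_pipe` is True; the client-side listener is on loopback in both cases, which matches the nmap output above.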

