Message-ID: <379BE9E6.48971781@w2xo.pgh.pa.us>
Date: Mon, 26 Jul 1999 00:53:58 -0400
From: "James C. Durham"
To: freebsd-security@freebsd.org
Subject: ssh2 tunneling through firewall

This is sort of a security problem, as it deals with firewalls and ssh, but sort of a networking problem, so excuse me if this is the wrong group...

I have a remote server with a public IP address. I have a local firewall machine and a LAN with several machines with private IP addresses (10.x.x.x).

I'd like to be able to use ssh2 to tunnel IP connections on the remote server to ports on one of the local machines. I elected to try forwarding telnet requests (port 23) for simplicity.

According to the ssh2 man page, this should be possible, but I always get "denied by server" to the forwarding request. I assume that "server" in this context means the local machine since the message is coming from the remote machine?

I'm a little confused about what is happening here. The man page says that the connection request for the port on the server would be sent down the secure channel to the *local* machine and the connection would be made from the local machine.

I have tried its 10.x.x.x address, its local name from /etc/hosts and also tried "localhost", all with the same results. If the connection is made from the local machine, it certainly should have no problem connecting to localhost:23.

sshd2 is running on the local machine and the remote machine.

I'm using

    ssh2 -R 23:localhost:23 my.server.xx.xx

Does anyone know what I'm doing wrong here?

--
Jim Durham