Date: Mon, 12 Jul 2004 14:16:17 -0700
From: Eddie <linux0642@sbcglobal.net>
To: freebsd-questions@freebsd.org
Subject: Unable to SSH tunnel
Message-ID: <40F2FFA1.20307@sbcglobal.net>

I have webmin installed on a brand new installation of FreeBSD 5.2.1. I tunnel port 10000 to my localhost and connect to webmin like this:

http://127.0.0.1:10000

I always connect to webmin this way, with all *nix machines I admin. This does not seem to work with FreeBSD 5.2.1. It does work out of the box for other versions (4.7 and 4.8 at least) of FreeBSD though. Is there some rule somewhere preventing port forwarding in 5.2?

Here's my netstat output:

bsd3c# netstat -nat
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.19.22        69.91.145.220.46031    ESTABLISHED
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.10000                *.*                    LISTEN
udp4       0      0  *.10000                *.*
udp4       0      0  *.514                  *.*
udp6       0      0  *.514                  *.*

ipfw output:

ipfw: getsockopt(IP_FW_GET): Protocol not available

webmin is running and listening on port 10000 as it's supposed to, and I can connect to webmin on the localhost with links.

The sshd config file gives no indication that tunneling is disabled, and it has not been modified in any way. According to the OpenSSH documentation, "AllowTcpForwarding" is turned on by default. There is no reference to this in the sshd config file, however.

I have included the sshd_config file for your review:

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#MaxStartups 10

# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

I would be glad to hear what anyone's thoughts are on this.

Eddie
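
Added example, not part of the original message: a small check of which sshd_config directives are actually active, run over an abbreviated copy of the file quoted above. The names SAMPLE, DEFAULTS, active_directives and effective are hypothetical; the AllowTcpForwarding default is the one the message cites from the OpenSSH documentation.

```python
# Constructed sample: abbreviated from the sshd_config quoted in the message.
SAMPLE = """\
Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#PermitRootLogin no
#X11Forwarding yes
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
"""

# Default as cited in the message from the OpenSSH documentation.
DEFAULTS = {"allowtcpforwarding": "yes"}


def active_directives(text):
    """Map lower-cased keyword -> value for every uncommented global line.

    sshd keeps the first value it obtains for a keyword, so later duplicates
    are ignored. Parsing stops at a Match line: what follows is conditional.
    """
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out default
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break
        active.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return active


def effective(text, keyword):
    """Return (value, source) where source is 'explicit', 'default' or 'unknown'."""
    key = keyword.lower()
    active = active_directives(text)
    if key in active:
        return active[key], "explicit"
    if key in DEFAULTS:
        return DEFAULTS[key], "default"
    return None, "unknown"


if __name__ == "__main__":
    print(active_directives(SAMPLE))
    print(effective(SAMPLE, "AllowTcpForwarding"))
```

On the quoted file only Port and Subsystem are set explicitly, so the forwarding setting comes from the compiled-in default rather than from the configuration file.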