From owner-freebsd-questions@FreeBSD.ORG Tue Jan 22 16:08:32 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CE5F416A41B for ; Tue, 22 Jan 2008 16:08:32 +0000 (UTC) (envelope-from perlcat@alltel.net) Received: from ispmxmta06-srv.windstream.net (ispmxmta06-srv.windstream.net [166.102.165.167]) by mx1.freebsd.org (Postfix) with ESMTP id A632513C455 for ; Tue, 22 Jan 2008 16:08:32 +0000 (UTC) (envelope-from perlcat@alltel.net) Received: from ispmxaamta05-gx.windstream.net ([72.37.126.241]) by ispmxmta06-srv.windstream.net with ESMTP id <20080122160831.OYPC15841.ispmxmta06-srv.windstream.net@ispmxaamta05-gx.windstream.net> for ; Tue, 22 Jan 2008 10:08:31 -0600 Received: from ext-b14-241.omhq.uprr.com ([72.37.126.241]) by ispmxaamta05-gx.windstream.net with ESMTP id <20080122160831.SDCA6487.ispmxaamta05-gx.windstream.net@ext-b14-241.omhq.uprr.com> for ; Tue, 22 Jan 2008 10:08:31 -0600 From: perlcat Organization: dis To: freebsd-questions@freebsd.org Date: Tue, 22 Jan 2008 10:05:05 -0600 User-Agent: KMail/1.9.6 References: <200801211400.33730.perlcat@alltel.net> <200801221334.45017.nvass@teledomenet.gr> In-Reply-To: <200801221334.45017.nvass@teledomenet.gr> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200801221005.05937.perlcat@alltel.net> Subject: Re: bind: Can't assign requested address using ssh (or anything else) -- resolution X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2008 16:08:32 -0000 > > $ ssh -X -N -L 127.0.0.3:13390:192.168.1.44:3390 tyson@xx.xx.xx.xx > > tyson@xx.xx.xx.xx's password: > > bind: Can't assign requested address > > channel_setup_fwd_listener: cannot listen to port: 13390 > > Could not request local forwarding. > > Ofcourse it fails, you are trying to bind to address 127.0.0.3, > however there is no such address assigned to a local network > interface. Either: > > You don't explain what this 127.0.0.3 is. This does it. > 2) ifconfig lo0 add 127.3/32 Thanks for responding! The vpn software I need to use requires me to configure and bind a VPN connection from 127.0.0.x:port to the loopback. It is a handy way of grabbing an entirely unique IP that doesn't collide with whatever network you're on. Of course, it probably isn't the best idea if a bunch of different apps start to pull stuff like this -- but I wasn't the brainiac that came up with this idea. Anyway, it seems to be a fairly common way of doing this, so I'm explaining in detail to benefit future searches. Some methods (SSH) allow me to manually select the IP/port, so for my example I use it. Others (Juniper Networks) just go and pick the IP for me, and can assign any number of connections depending upon configuration. In a Windows world, since there're no controls and stupid things are allowed to happen, the IP address/port assignment is done on the fly, and you then have to view the active VPN connections to figure out what IP address/port are in use. With a real OS, privileged things like this need to be done by a privileged user before the client can assign to it. Since they don't change without human intervention (the number is permanent based upon the order they load -- 127.2, 127.3, etc.) and are assigned in a logical fashion, I should be able to bind the new addresses that it will use to lo0 and it should Just Work. And it does. tsclient can now load and get me onto the Windows Server I need to control. It's a hollow victory -- I feel so *dirty* when I work with Windows, but I have to if I want to get paid... The Juniper Network client info: =======setup information======== RDP Direct option: Remote Server: Client Port: 33890 Server Port: 3389 ========================== Restarted the Secure Application manager. =========error info=========== In the Secure Application Manager Window, when I click on the Details Tab. I see the application I added with an error: cannot bind to the port 33890. ========after ifconfig========== Now it works.