[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to enable non-standard tcp port connections from a non-localhost machine?

On Tue, Dec 31, 2002 at 09:23:44PM -0800, Michael Toomim wrote:
> I'm trying to set up an ssh tunnel from a machine behind a firewall to a 
> machine with a public IP with a command like this:
> $ ssh -R 20150:localhost:22 computer.server.com
> This should cause port 2501 on computer.server.com to be an alias for 
> port 22 (sshd) on my local computer.
> This command executes fine.  However, when I try to ssh to port 2501 
> from an outside computer, I get a "connection refused" error:
> $ ssh -p 20150 computer.server.com
> ssh: connect to host computer.server.com port 20150: Connection refused
> Something isn't letting my connection through.  The weird thing is that 
> I CAN connect to this port from computer.server.com, with the command:
> $ ssh -p 20150 localhost
> ... but I CAN'T connect from any other computer, or even from 
> computer.server.com using its ip address instead of "localhost":
> $ ssh -p 20150
> ssh: connect to host port 20150: Connection refused
> Can anyone tell me what I have to do to fix this?  I've had this problem 
> both on sid and woody.  I've removed both the iptables and ipchains 
> packages.  My hosts.allow and hosts.deny are both empty (I tried adding 
> hosts explicitly to hosts.allow as well, just to check).  This seems to 
> be a problem ONLY with ports I create myself -- the ports used by 
> apache, sshd, etc. all work fine and I can cannect to them from 
> anywhere.  This also seems to be somewhat debian-specific: the ssh 
> command I used above works fine when I'm trying to forward packages 
> through a redhat or solaris box.

Have you tried using netstat to see where ssh is listening?  If it's
bound itself to the 'lo' interface (local loopback) you'd get exactly
this behaviour.  No idea how to fix it, even if I'm right, but it might
point you in a useful direction :-)


Attachment: pgphV2czJCbNU.pgp
Description: PGP signature

Reply to: