Remote port forwarding (binding to *)
Matt Johnston
matt at ucc.asn.au
Wed Sep 13 11:33:17 WST 2006
On Tue, Sep 12, 2006 at 10:02:38PM +0200, Alex Still wrote:
> I'm trying to do this :
>
> baculaserver-----router1-----<public net>-----router2-----laptop
>
> Baculaserver and laptop are NAT'ed on their respective networks. What I'm
> trying to do is SSH from laptop to router1 (running dropbear) and remote
> forward a port from there back to the laptop running the bacula client.
> That's why I need the remote forwarding to work on all interfaces on
> router1.
>
> From laptop : ssh -R 3000:localhost:2000 alex@router1
> On router I see :
> netstat :
> tcp 0 0 localhost:3000 *:* LISTEN
>
> I hope this is more clear and that I haven't missed anything obvious !

Thanks, that's clear :)

I've just noticed that OpenSSH ~4.0 added an extra feature to
-R, and it now binds to localhost by default (rather than
0.0.0.0 and letting the remote side restrict it further).

    -R [bind_address:]port:host:hostport

So I think you'll want to use "ssh -R :3000:localhost:2000 alex@router1"
(an empty bind_address or '*' means any interface). You'll
still need -a for Dropbear (equivalent to GatewayPorts
mentioned in the ssh manpage).

Matt
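
Added example, not part of the original message: a shell helper that reads netstat-style listener lines and reports whether a forwarded port (3000 in this thread) is bound to loopback only or to every interface, which is the difference the bind_address field of -R controls. The function names are hypothetical, and the second sample line is constructed to show what a wildcard bind looks like.

```shell
#!/bin/sh
# Added example; classify_listeners and scope_of_port are hypothetical names.

# Read `netstat -tl`-style lines on stdin and print "<port> <scope>" for
# every TCP listener. Scope is "loopback", "all", or "specific:<address>".
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            # The port is whatever follows the last colon (works for :::3000 too).
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "localhost" || host ~ /^127\./ || host == "::1")
                scope = "loopback"
            else if (host == "*" || host == "0.0.0.0" || host == "::")
                scope = "all"
            else
                scope = "specific:" host
            print port, scope
        }'
}

# Print only the scope of the listener on the given port.
scope_of_port() {
    classify_listeners | awk -v p="$1" '$1 == p { print $2 }'
}

# Line quoted in the thread: the forward is reachable from the router only.
SAMPLE_BEFORE='tcp 0 0 localhost:3000 *:* LISTEN'
# Constructed line: the same port bound to every interface.
SAMPLE_AFTER='tcp 0 0 *:3000 *:* LISTEN'

echo "before: $(printf '%s\n' "$SAMPLE_BEFORE" | scope_of_port 3000)"
echo "after:  $(printf '%s\n' "$SAMPLE_AFTER" | scope_of_port 3000)"
```

On the router, `netstat -tl | scope_of_port 3000` gives the same answer for the live socket; a result of "all" means any host that can reach the router can reach the forwarded service.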