[plug] SSH Tunnel

Russell Steicke r.steicke at bom.gov.au
Thu Apr 6 12:47:27 WST 2006


On Thu, Apr 06, 2006 at 12:04:49PM +0800, Michael L. Benjamin wrote:
> 
> Ok, not quite there yet...
> 
> I'm using this command now...
> 
> #ssh -L 110:mail.iinet.net.au:110 <localIP> -l username
> 
> I can connect locally on that server to 110 and get the POP3 session
> from the iinet mailserver. So that part of
> things is working nicely.
> 
> Remotely I cannot connect though. Iptables is set to allow through 110
> so this is not the issue.
> 
> I can connect up via PuTTY, and open localhost 110 on the XP machine,
> but it closes the connection off immediately.
> 
> I'm using a tunnel with source port 110 with PuTTY. <server1_IP>:110 is
> the destination. 
> 
> What I'm seeing is that <server1_IP> is not listening on port 110...
> argh. A telnet to that address on port 110
> results in a connect failed.
> 
> Now I'm confused...

Terminology is getting in the way a bit here.  I'm not sure what you
mean by "locally" in there.

With the -L option you have above, server1 (which I assume is
<localIP>) is not listening on any ports.

Here's how this should be working:

- On XPbox, you do the putty equivalent of

    ssh -L LOCALPORT:mail.iinet.net.au:110 -l username server1

- putty on the windows XP box listens on LOCALPORT for connections.
  (The linux ssh client only listens on the lo interface, I'm not sure
  if putty restricts this as well.)

- Your mail client on XPbox connects to XPbox:LOCALPORT, or
  localhost:LOCALPORT.

- Putty sees this connection, and arranges to forward this over the
  ssh tunnel.

- sshd on server1, by arrangement with putty, makes a connection to
  mail.iinet.net.au:110 when it sees the forwarded connection.

- Traffic from XPbox is forwarded through the ssh tunnel to server1
  and then to mail.iinet.net.au:110, and replies from
  mail.iinet.net.au:110 are sent back through the ssh tunnel to XPbox,
  so your mail client can talk POP3 to mail.iinet.net.au

server1 is not listening on either 110 or LOCALPORT, unless you
arrange that separately.  Arranging for server1 to listen on 110 or
LOCALPORT will have no effect on the ssh tunnel or any forwarding that
the ssh tunnel is doing to mail.iinet.net.au.

If connections from your mail client on XPbox to XPbox:LOCALPORT are
closed immediately, that means that the connection from server1 to
mail.iinet.net.au:110 is either mis-specified, or is being rejected.



-- 
Russell Steicke

-- Fortune says:
Arithmetic:
	An obscure art no longer practiced in the world's developed countries.
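
The forwarding path described in the reply above, as an added example that is not part of the original post: a plain TCP relay stands in for the PuTTY-to-sshd tunnel (no SSH, no encryption) to show that only the client side listens, and that a failed onward connection shows up as an immediate close. All function names and the POP3 banner are constructed for illustration.

```python
import socket
import threading

def listen_loopback(handler):
    """Listen on an ephemeral 127.0.0.1 port; run handler(conn) per connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # loopback only, as the OpenSSH client does for -L by default
    srv.listen(5)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def pipe(src, dst):
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # pass the end-of-stream on to the other leg
    except OSError:
        pass

def forwarder(target):
    """Stand-in for the tunnel: the onward connect is made per client connection."""
    def handle(client):
        try:
            upstream = socket.create_connection(target, timeout=3)
        except OSError:
            client.close()  # onward leg refused: the mail client sees an instant close
            return
        threading.Thread(target=pipe, args=(upstream, client), daemon=True).start()
        pipe(client, upstream)
    return handle

def fake_pop3(conn):
    conn.sendall(b"+OK constructed POP3 banner\r\n")  # constructed sample reply
    conn.close()

def first_bytes(port):
    with socket.create_connection(("127.0.0.1", port), timeout=3) as c:
        return c.recv(100)

def demo():
    """Return what a client reads through a good forward and a mis-specified one."""
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))  # bound but never listen()ed, so connects are refused
    good = listen_loopback(forwarder(("127.0.0.1", listen_loopback(fake_pop3))))
    bad = listen_loopback(forwarder(dead.getsockname()))
    return first_bytes(good), first_bytes(bad)
```

Calling demo() returns the banner for the working forward and an empty read for the mis-specified one, which is the "closes immediately" symptom from the quoted message.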


