Forward specific port through interfaces
Hi all, while Debian comes with iptables i tried to configure it to my needs and all went pretty well. Now i've got a minor problem: while installing Debian on my friend's box i noticed he didn't have a W-LAN card. Since i need to have the box nearby because of some hardware tweaks i thought i could hook it up to my laptop and then forward some ports on my laptop to his box and vice versa. But this last thing wouldn't work, i can't get a decent forward working. It is possible to ssh into my laptop and then use another ssh session to log in to the box, but that's not what i had in mind.
My laptop has 2 interfaces
eth 2 (wlan) dhcp ip (10.0.0.2)
The freshly installed box has only eth0, static ip 10.10.10.11
so i would like to have a forward made on my laptop:
dest ip: eth 1: 10.10.10.11
but i can't get this to work.... Does anyone have an iptables command line example for the correct forwarding procedure?
regards sjors
Forward specific port through
I know you don't want to use ssh to login through your laptop and then again to the other box, but how about port forwarding using ssh? That seems easier than getting iptables to do the same thing.
When run on the laptop, the command would be
$ ssh -l user -L 443:localhost:22 10.10.10.11
The "localhost" actually refers to the box. The ssh manpage is not quite clear, but the description of the option
-L port:host:hostport option
really means
-L local_port:knownhost_on_remote_side:port_on_remote_side .
Forward specific port through
i get what you mean, this should be a solution too but when i try to connect to the laptop on port 443 i get a "connection refused" error with putty.
When i executed your line ON my laptop "ssh -l username -L 443:localhost:2 10.10.10.11" i instantly got a password request for 'username' from my 10...11 box. So basically i ssh'ed into my laptop to execute this line and then ssh'ed again into my 10...11 box... so this is the same double login i was trying to avoid. Disregarding that, i thought this was necessary to make the forward, but as i wrote before, i get a 'connection refused' error....
doesn't 'known_host_on_remote_side' need to be the 10...11 box instead of 'localhost'? -> tried this; again had to log in right away on the 11 box and again the laptop refused connections on 443 (iptables all open)
what am i doing wrong?
sjors
Forward specific port through
Found it!!
i think you didn't understand my question quite right (or i explained it wrong :)) but the trick was to use your line on my controlled pc.
let me explain my question more clearly:
i got 3 pc's running:
1
os: windows xp using putty
ip: 10.0.0.1 (wlan)
2 laptop
os: linux
ip: 10.0.0.2 (wlan)
10.10.10.10 (fixed lan)
3 friend's box
os: linux
ip: 10.10.10.11 (fixed lan)
so my laptop is cabled to my friend's box (fixed lan conn)
via an access point my box is connected to my laptop.
i would like to make an ssh connection directly to my friend's box; so my laptop should forward traffic from wlan to fixed lan.
solution:
using putty:
port forward (local)
4444 -> 10.10.10.11:22 (viewed from server side = laptop in this case)
log in to laptop
then log in using a new putty session on localhost:4444 -> direct ssh conn with my friend's box !
ty matt... this works good enough for me!
Glad you got it to work!
Glad you got it to work! ssh forwarding is always tricky to get right.
Forward specific port through
Since you got me interested in the available functions of the ssh daemon i've read some documentation carefully (i know, i know... that should have been my first step). Your suggestion wasn't wrong after all, the only thing that was keeping it from working right was a security feature of the daemon: "GatewayPorts"
GatewayPorts ensures that tunnels created are only available for the loopback interface for security reasons.
It is by default 'off' and not even present in the standard Debian config. So entering "GatewayPorts On" into my sshd_config on my laptop did the trick. Now i was able to connect to that 443 port on my lap.
Don't get me wrong Matt, i'm in no way attacking your knowledge, i'd just like to clear up this 'problem' for other newbies ;)
best regards Sjors
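
Added example (not part of the thread): once a tunnel port such as the 443 forward above is opened beyond the loopback interface, every host that can reach the laptop can reach the tunnel, so it is worth checking which address each listener is bound to. The script below classifies listeners from `ss -ltn` output; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output (not captured from the thread's machines).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128        127.0.0.1:4444       0.0.0.0:*
LISTEN 0      128            [::1]:4444          [::]:*
LISTEN 0      128          0.0.0.0:443        0.0.0.0:*
EOF
}

# Read `ss -ltn` output on stdin; print "port scope address" per listener.
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, parts, ":")          # port is the text after the last colon
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "all-interfaces"
        else
            scope = "single-address"
        print port, scope, addr
    }'
}

# check_port PORT  (reads `ss -ltn` output on stdin)
# Exit status: 0 = loopback only, 1 = reachable from other hosts, 2 = not listening.
check_port() {
    scopes=$(classify_listeners | awk -v p="$1" '$1 == p { print $2 }')
    [ -n "$scopes" ] || return 2
    case "$scopes" in
        *all-interfaces*|*single-address*) return 1 ;;
    esac
    return 0
}

# Demo on the constructed sample; on a live host use: ss -ltn | check_port 443
for p in 443 4444 8080; do
    rc=0
    sample_ss_output | check_port "$p" || rc=$?
    case $rc in
        0) echo "port $p: loopback only" ;;
        1) echo "port $p: exposed beyond loopback" ;;
        2) echo "port $p: no listener" ;;
    esac
done
```

If a forwarded port shows up as exposed and only one machine needs it, a firewall rule limiting the source address keeps the tunnel from being usable by the rest of the network.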