SSH Tunneling - How?

Hi all.

Just need to setup one ssh tunnel from a remote port 80(REMOTE_ONE) to
another IP(REMOTE_TWO) on port 8080.
So, here we go...
Connecting to the remote machine as ROOT:
ssh REMOTE_ONE
pass ...
login OK

Now, create the tunnel

SSH -L 80:REMOTE_TWO:8080 root@REMOTE_TWO -N
pass...

Now, after this connection all stops, what seems all OK.
When i try http://REMOTE_ONE i get connection refused.

What did i do wrong?

I am sure that REMOTE_TWO is running a http server cause i can access
it.
After searching the net, also configured sshd_config file as
AllowTcpForwarding yes.

What else ?
Any hint?

(E-Mail Removed) writes:
> Hi all.

Hi,

> Just need to setup one ssh tunnel from a remote port 80(REMOTE_ONE) to
> another IP(REMOTE_TWO) on port 8080.
> [...]
>
> SSH -L 80:REMOTE_TWO:8080 root@REMOTE_TWO -N
> pass...

Your are here forwarding what is going out of _your_ port 80 to port
8080 of REMOTE_TWO with the help of (ie, via) REMOTE_TWO.

Is it really what you want? Could you explain what you need a bit
better? What about REMOTE_ONE?

Bye,
-AJ

thanks for your reply...

Listen...

REMOTE_ONE is a server that runs SSH on 22 where i have a root access.
Also can listen on port 80.
REMOTE_TWO is a home (firewalled, blocked port 80) and root access too.

Using REMOTE_TWO ssh client, i need to make REMOTE_ONE listen on port
80 as if it were REMOTE_TWO on 8080, so i am tryin to create a ssh
tunnel after milions of trys to do it using iptables with no success.

Hope you can help me now.

Thanks again.

(E-Mail Removed) writes:
> thanks for your reply...

You're welcome.

> REMOTE_ONE is a server that runs SSH on 22 where i have a root access.
> Also can listen on port 80.
> REMOTE_TWO is a home (firewalled, blocked port 80) and root access too.

Is 8080 blocked too? What are unblocked ports? Only the ssh one?

> Using REMOTE_TWO ssh client, i need to make REMOTE_ONE listen on port
> 80 as if it were REMOTE_TWO on 8080, so i am tryin to create a ssh
> tunnel after milions of trys to do it using iptables with no success.

ok. When you are on REMOTE_TWO you type:

$> ssh -R REMOTE_ONE:80:REMOTE_TWO:8080 -l login_REMOTE_ONE REMOTE_ONE

Note the -R instead the -L. That's because the listening side is
located with the ssh server.

> Hope you can help me now.

Hope this helps.

Bye,
-AJ

>Is 8080 blocked too?

-8080 are opened on both.

-What are unblocked ports? Only the ssh one?

All on REMOTE_ONE.

All higher than 1024 on REMOTE_TWO and 22.

>Note the -R instead the -L.
>ssh -R REMOTE_ONE:80:REMOTE_TWO:8080 -l login_REMOTE_ONE REMOTE_ONE

This exactly command does not run, so i removed the first REMOTE_ONE
and tried but didn't work too.

Tried this using the REMOTE_TWO prompt.

What now?

Thanks.

Antoine Junod <(E-Mail Removed)> writes:
> ok. When you are on REMOTE_TWO you type:
>
> $> ssh -R REMOTE_ONE:80:REMOTE_TWO:8080 -l login_REMOTE_ONE REMOTE_ONE

Little addendum; If your are on REMOTE_ONE you can do as well

$> ssh -L REMOTE_ONE:80:REMOTE_TWO:8080 -l login_REMOTE_TWO REMOTE_TWO

Hope all is fine now!
-AJ

Tried both commands and still got connection refused.

Seems this lines are right, i am probably missing another thing.

Thanks all.

"Alisson Landim" <(E-Mail Removed)> writes:
> Note the -R instead the -L.
>
> $>ssh -R REMOTE_ONE:80:REMOTE_TWO:8080 -l login_REMOTE_ONE REMOTE_ONE
>
> This exactly command does not run, so i removed the first REMOTE_ONE
> and tried but didn't work too.

okay. And what about the GatewayPorts variable in sshd_config on
REMOTE_ONE? It should be set to yes or clientspecified. When changed,
restart the sshd deamon.

If that variable is set to no, it will bind a port in the loopback
interface od REMOTE_ONE, and not the public interface of
REMOTE_ONE. It means that if it is set to no, you will be able, on
REMOTE_ONE to do for example

$> telnet localhost 80

If it set to yes, you'll be able to do

$> telnet localhost 80

and

$> telnet REMOTE_ONE 80

If it is set to clientspecified, it will be possible to telnet what is
specified in your ssh command, REMOTE_ONE in our case.

> What now?

Check this variable

Hope this helps.
-AJ

Antoine Junod wrote:

> okay. And what about the GatewayPorts variable in sshd_config on
> REMOTE_ONE? It should be set to yes or clientspecified. When changed,
> restart the sshd deamon.
> Check this variable
>
> Hope this helps.
>

Man...

You got it!

That variable was the key!!!!!!!!!!!!!

It's working!

I added the line GatewayPorts yes!!!

Newsgroup rocks!I never come here before hard tries...
Now, how could i solve this if you dind't decided to help me. None
tutorials refer to that variable...

DOUBLE THANKS!!!!

will help someone now...

bye!