General :: Forwarding Specific Ports Through SSH Reverse Tunnels?
Jun 28, 2011
So unfortunately I live in a place that will not let me have a static IP, so I have been setting up access to my home computer via reverse SSH tunnels that run on an micro amazon ec2 instance. I have gotten SSH to work fine, but I cannot figure out port forwards.Here is a small infographic I made to help illustrate (i felt the question was clearer with a diagram of what I was trying to do. Here are the commands listed in the graphic:I the following on my home computer: ssh -R 1337:localhost:22 -i .ssh/tokyoMinekey.pem ec2-user@ec2serveraddressand I run this on the ec2 server: ssh -L6600:localhost:6600 -Nf localhost -p 1337
I am looking at using reverse SSH tunnels to manage servers on client sites. I have played around with reverse tunnelling, and have it working on one server back to my middle man server from which I can SSH across from my own PC. All working fine. When I scale this up to 100+ servers reverse tunnelling in, usernames & passwords become a pain, so I'd prefer to use RSA keys instead. My question, finally you might say, is this, to successfully ssh from my PC to the remote server, do the RSA keys need to be on the middle man server as well, or is it just my PC and the remote server?
Right now I have a VPS that I tunnel through using SSH/Putty/Proxycap. I use it for a certain program which uses a certain port X for authentication, and a different port Y for its data. However, due to certain security protocols I need port X to be somewhat "transparent" so that the IP from the originator will be shown - whilst tunneling data through port Y. The conditions though, are that I cannot just change the X/Y port values in the application itself, these are company specific.
How would I go about doing this? Because right now, my understanding is that if Putty calls for a certain application to go through a socks server, ALL its ports will be directed at that. I want a certain port to be passthrough.
I'm working on a Linux (fedora) based arcade dance machine using a game called Stepmania. I've got it all up and running and i'm trying to get it to work with two dance pads.
It detects the dance pads fine and they work well, the only issue is that when the machine is turned on it seems to randomly pick which pad is /dev/input/js0 and which is /dev/input/js1
What this leads to is the pad on the left controlling the character on the right & vice-versa. So I was wondering if there is any way to tie or map the joystick to a particular USB port so they always stay where they should ? Or is there another way this could be accomplished ?
Im running a web server on port80, but i want traffic coming from ip 212.333.111.222 on port 80 to be fowarded to port 9020 on the same server that my web server is rinning at that is my sshd port
I am running a server with ssh and a vpn server set up. It is behind a debian router with a firewall which uses iptables. i have it set up to forward ports 22 and 443 to ssh on a computer within the LAN(so when on a restricted network i can still ssh into my network) and forward anything to 1723(for my vpn) to that box also. However, the only port that gets successfully forwarded is port 22. The other two appear closed. here is what the script looks like:
This morning I was looking at the router's log file and noticed a certain IP address was able to gain LAN access on port 2222. That just happens to be the port my SSH server is listening on! A whois search revealed that IP address is in Germany. As soon as I found this out I stopped forwarding all ports to this machine in my router.
how to tell what had happened, what information this person was able to obtain, and if he left any goodies behind that could hurt me? I've read through some of the logs on my computer and haven't been able to find much at all. I did have some personal information on the hard drives, but that information is encrypted. I'm thinking if they were able to get my SSH password then that information probably isn't safe either (assuming they have some of it).
I'm working on a Fedora 14 based arcade dance machine using a game called Stepmania. I've got it all up and running and i'm trying to get it to work with two dance pads.
It detects the dance pads fine and they work well, the only issue is that when the machine is turned on it seems to randomly pick which pad is /dev/input/js0 and which is /dev/input/js1
What this leads to is the pad on the left controlling the character on the right & vice-versa. So I was wondering if there is any way to tie or map the joystick to a particular USB port so they always stay where they should ? Or is there another way this could be accomplished ?
I like to set in iptables to allow access from one host to my server on any ports.Currently the iptables have been configured to deny all and to allow access only to those I've specified.
Perhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?
The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.
I have multiple ssh tunnels that I need to run on startup. Does anyone know a working way to do that? I have tried creating a script and putting it in all sorts of directories (/etc/init.d/, /etc/, /etc/network/if-up.d/). I have also tried appending the commands to /etc/rc.local but nothing works. The script is actually executed in all these places because I tried putting a simple mv command in there and that was executed but these ssh tunnels won't be constructed. My script looks something like this:
I want to login to my university server, in windows i used Putty and rdp.the setting in putty (download to my ubuntu and runnig) SSH-> tunnels
destination: 2.bgu.ac.il:3389 source port:7000 on local session SSH type 1.bgu.ac.il port:22
so far so good i logged in and i can see the files on the 1.bgu the next step is to open RDP and ask him to login localhost:7000Not Working, i use Gnome-RDP and Remmina Remote Desktop Client no luck on both.
got the problem with multiple ssh-tunnels. The case is:I have 1 server running Slackware 13.0 with external ip and few windows-machines. inetd daemon is running on the server, my script is listening on port 2345. I create multiple ssh-tunnels from client machines to the 2345 port of the server in order to initiate script execution. For debugging reasons the script simply echoes the incoming information to the connection initiator. This is how the connection is initiated.
Code: ssh <user>@<my_server_IP> -L 5555:<my_server_IP>:2345 echo "hello"|nc -vn 127.0.0.1 5555 (a port on a client-machine, that is forwarded to <my_server_IP>:2345) gives "hello" output. Code: client1 port 5555|----ssh-tunnel---- eth0|-------server---------------|
[Code]...
The problem is that i need my script to execute some commands (registry parsing) on a remote client machine with winexe utility. So I need to identify each tunnel or each connection in order to execute the command on each of the client workstations. I need at least to have access to some ID of the ssh session or a tunnel, through which a certain connection was initiated and then use it to create a reverse tunnel or just connect to certain client via that client`s tunnel.
if I'm connected to one of VOIP Providers using a VPN connection to this provider, how the government will know that I'm doing such this issue ? how can I mis-track that activity ?
I'm writting an app for desktop and embedded linux and I need to get information about the multiserial port, and I need to know which port is been used (by a printer, por example).The multiserial I'm using is an Altera Corporation Device 0004, and I just need to tell how many ports are there and how many is been used.
I have a file consisting of unique IP addresses - one per line I want to find the name of the host for each address. I tried the following:
Quote:
nslookup < file_name
This worked except it gives me a lot of extraneous information such as the servers providing the answers. This is too much information for me and would simply like each line of IP numbers to be replaced with a domain name. I tried using the same strategy using host and hostname and dig but I must have given the wrong command as I had no results.
I want to record an internet radio station starting at 2:00am tomorrow morning. The specific program on the radio station lasts until 6:00am. The command I need to run to record the station is: Code:mplayer http://wjcu.jcu.edu:8001/listen.pls -ao pcm:file=indie_heat_of_the_night.wav -vc dummy -vo nullI'd use cron, but 1. I'm not sure how to and 2. it seems unnecessarily complicated for something that I only want to run once. If cron is the only/easiest solution, I guess I'll just have to resort to that, but I'd rather not.
I have a html page and I would like to search for the occurance of a given string as an anchor. Then I would like to search backward for a the first match to a given regular expression. As a result I would like to output the text between the two points.
Please note that I would like to have the output up to the first regex match before the ANCHOR point.What is the best tool to solve this?
I have a question regarding the possibility of streaming video using an Apache web server configured as a reverse proxy. Suppose I have a local web server and areverse proxy that is abroad. I want users that are nearer the reverse proxy to be served by it and not my local web server. I know in general how to configure this and there is a lot of documentation. But can it be configured to support video file streaming without saving all the media content in the reverse proxy disk?