SSH forwarding

lamazzi
Posts: 5
Joined: 2017/03/18 13:10:39

SSH forwarding

Post by lamazzi » 2017/03/18 13:27:19

Hello all,

I have an SSH server (server1) behind a NAT and I can't control or modify it.
I'm trying to find a solution to bypass it.
I have a VPS with CentOS 7 (server2) and I'm trying to use it as a middleman between my server and the people who need to access it.
I've never configured a Linux machine before...

I didn't change anything in the settings of CentOS except setting GatewayPorts to 1 and restarting the sshd.

From my server1 I open an SSH connection like this: ssh -R 10021:localhost:22 user2@server2
On the CentOS server (server2), I can see it listening on the port and if I do this: ssh -p 10021 user1@localhost, I'm in server1.

However if I try from my machine to do the same: ssh -p 10021 user1@server2, I have "connection refused".

I'm gathering the CentOS server is denying the connection but I don't know what I have to do to allow it.
I've tried to stop the iptables service for a moment but it didn't help.

Any suggestions?

Thank you!

lamazzi

lamazzi
Posts: 5
Joined: 2017/03/18 13:10:39

Re: SSH forwarding

Post by lamazzi » 2017/03/21 21:07:59

For the record, there were two separate problems:

- First one, I had to reboot the machine. For some reason, restarting the sshd wasn't enough.
Found my answer here: http://stackoverflow.com/questions/2729 ... on-refused

- Second one, as I suspected, iptables was blocking the incoming connection and here is the command line used (suggested by a kind person on another forum):

iptables -I INPUT -p tcp --dport 10021 -j ACCEPT
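
To tell the two problems above apart on server2, this added example (not part of the original posts) classifies how the forwarded port is bound, reading `ss -ltn` output: sshd binds `ssh -R` listeners to loopback unless GatewayPorts is in effect, so a loopback-only listener points at sshd and an all-interfaces listener points at the firewall. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample ss output below is constructed.

# classify_listener PORT: reads `ss -ltn` output on stdin and prints one of
# loopback-only | all-interfaces | specific-address | not-listening
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            if (substr($4, RSTART + 1) + 0 != port + 0) next
            addr = substr($4, 1, RSTART - 1)   # text before the last colon
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") loop = 1
            else if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]") any = 1
            else other = 1
        }
        END {
            if (any) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# explain STATE: maps a classification to the next thing to check on server2.
explain() {
    case "$1" in
        loopback-only)    echo "bound to localhost only: GatewayPorts is not in effect for this forward" ;;
        all-interfaces)   echo "bound on every interface: check the firewall for this port next" ;;
        specific-address) echo "bound to one address: clients must connect to that address" ;;
        *)                echo "no listener: the ssh -R session is down or the forward failed" ;;
    esac
}

# Constructed sample: forward created while GatewayPorts is not in effect.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      128    127.0.0.1:10021     *:*
LISTEN 0      128    ::1:10021           :::*'

# Constructed sample: the same forward once sshd honours GatewayPorts.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22                *:*
LISTEN 0      128    *:10021             *:*
LISTEN 0      128    :::10021            :::*'

for sample in "$SAMPLE_LOOPBACK" "$SAMPLE_EXPOSED"; do
    state=$(printf '%s\n' "$sample" | classify_listener 10021)
    printf '%s: %s\n' "$state" "$(explain "$state")"
done
```

On server2 itself the live check is `ss -ltn | classify_listener 10021`. An all-interfaces result also means server1's SSH login is reachable by anyone who can reach that port on server2, so the iptables ACCEPT rule can be narrowed with `-s` to the client addresses that need it.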

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: SSH forwarding

Post by aks » 2017/03/22 17:30:53

There is some software in EPEL called autossh (well I think it's EPEL, it may be in the main repos). Makes setting up an end-to-end tunnel with SSH quite easy (well easier). Have a look at it. I've used it like this:

autossh -M 0 -q -f -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -L 4002:localhost:80 tunnel@1.1.1.1

You can pass arbitrary ssh options to it too (so keepalive and so on). You still need to open the ports used on any firewalls involved.
