Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Jul 2002 11:44:25 -0700 (PDT)
From:      Philip Hallstrom <philip@adhesivemedia.com>
To:        questions@FreeBSD.ORG
Subject:   Confusing problem with SSH port forwarding.
Message-ID:  <20020711113111.L37674-100000@cypress.adhesivemedia.com>
In-Reply-To: <1026407695.5bd5cffcjud@myrealbox.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi all -
	I've been tearing my hair out for an hour now trying to figure
this out and I'm completely stumped.  Didn't see anything in the archives
which hopefully means I'm just doing somethign stupid, but I don't see it.

Here's the environment:

win2k_client ----
                 \
server1 ----------- hub -- firewall -- internet -- server3
                 /
server2 ---------

server1 and server3 are running web servers.
firewall is also running natd.

If on server2 I do

  ssh -l user -g -N -v -L 8888:server1:80 localhost

then from win2k_client I can go to http://server2:8888 in IE and it works
like I'd expect it to.  That is, I get the home page of server1.

If on server2 I do

  ssh -l user -g -N -v -L 8888:server3:80 localhost

then...

- from win2k_client IE just sits and sits and sits -- and no entries are
generated in server3's log files.

- from win2k_client I can do Start->Run->telnet server2 8888 followed by
"GET / HTTP/1.0" and I *do* get the home page of server3.

- from server2 I can also telnet to port 8888 and get a connection, but
fetch fails with "fetch: -: Undefined error: 0"


What I don't understand is that obviously the tunnel is setup and running
since it is possible to use it, but why can't IE or fetch connect?

I don't think it's a webserver issue because both servers are configured
to respond to any IP address they know about.  And changing port 8888 to
port 80 doesn't make a difference in the results.

SSH Version is: OpenSSH_2.9 FreeBSD localisations 20020307, SSH protocols
1.5/2.0, OpenSSL 0x0090601f

Do I need to upgrade all the ssh servers to the latest?  Doesn't seem like
it since it *is* working.

I'm having the same problem when trying to use SecureCRT or Putty to do
the forwarding directly from win2k_client.  IE won't work, but telnet'ing
directly will.

Anyway, I'm stumped..  anyone got any ideas?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020711113111.L37674-100000>