Here is my scenario:

192.168.2.222 --- VPN ---> 192.168.2.200 / 192.168.0.10 --- LAN ---> 192.168.0.50
My local machine           My remote machine                         Target server

Due to the netmask of the VPN interface (/24), from my local machine I cannot reach the target server directly.

But if I SSH into my remote machine, then I can reach it because the remote (local) interface is on the same subnet as the target server.

In order to use some tools on my local machine I want to enable an SSH tunnel on my remote machine.

For example, let's say I want to access a SQLServer server (port 3306) on the target server. I set up DBeaver to use an SSH tunnel on my remote machine but it cannot connect to the database.

On my remote machine the sshd.config file is the following:

Include /etc/ssh/sshd_config.d/*.conf
ChallengeResponseAuthentication no
UsePAM yes
GatewayPorts yes
X11Forwarding yes
PrintMotd no
PermitTunnel yes
AcceptEnv LANG LC_*
Subsystem sftp  /usr/lib/openssh/sftp-server

To manually test it out I did:

$local ssh -L 13306:192.168.0.50:3306 [email protected]
$local sqsh -S 192.168.0.50:13306 -U user -D database -P password

I got:

sqsh-2.5.16.1 Copyright (C) 1995-2001 Scott C. Gray
Portions Copyright (C) 2004-2014 Michael Peppler and Martin Wesdorp
This is free software with ABSOLUTELY NO WARRANTY
For more information type '\warranty'
Open Client Message
Layer 0, Origin 0, Severity 78, Number 41
Unable to connect: Adaptive Server is unavailable or does not exist
Open Client Message
Layer 0, Origin 0, Severity 78, Number 41
Unable to connect: Adaptive Server is unavailable or does not exist

Issuing the very same command on my remote machine (of course using 3306 instead of 13306) leads to a successful connection.

I also checked the port 13306 from my local machine but it's still closed:

$local nmap 192.168.2.200 -p 13306

Starting Nmap 7.80 ( https://nmap.org ) at 2022-04-15 13:10 CEST
Nmap scan report for 192.168.2.200
Host is up (0.014s latency).

PORT      STATE  SERVICE
13306/tcp closed unknown

What should I set up further?

  • With ssh -L 13306:192.168.0.50:3306, IIRC it binds to localhost on the local system by default since no bind address is given, so your sqsh command should be using localhost:13306 instead of 192.168.0.50:13306. Commented Apr 15, 2022 at 12:03
  • That's true, in fact nmap shows the local port 13306 open. sqsh starts but does nothing, there is no prompt or whatever. Commented Apr 15, 2022 at 12:16
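
Added example (not part of the original question or comments): a small Python model of how the OpenSSH client picks the listening address for `-L`, following the bind behaviour described in the first comment and in ssh(1), applied to the addresses dialed in the question. The function names and the `local_addrs` parameter are hypothetical, and only IPv4 addresses and hostnames are handled.

```python
# Added example: models where `ssh -L` listens; names here are hypothetical.
LOOPBACK = {"localhost", "127.0.0.1"}

def parse_local_forward(spec, gateway_ports=False):
    """Parse `[bind_address:]port:host:hostport` (IPv4/hostnames only).

    gateway_ports models the *client-side* GatewayPorts option (or `ssh -g`);
    GatewayPorts in sshd_config governs remote (-R) forwards, not -L.
    Returns (listen_addr, listen_port, dest_host, dest_port).
    """
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, None)          # no bind_address given
    if len(parts) != 4:
        raise ValueError(f"not a -L forward spec: {spec!r}")
    bind, port, host, hostport = parts
    if bind is None:                   # default follows GatewayPorts
        bind = "*" if gateway_ports else "localhost"
    elif bind == "":                   # ":port:host:hostport" means all interfaces
        bind = "*"
    return bind, int(port), host, int(hostport)

def reaches_tunnel(spec, dial_host, dial_port, local_addrs, gateway_ports=False):
    """True if dialing dial_host:dial_port on the SSH client machine hits the
    forwarded listener. local_addrs: non-loopback addresses of that machine."""
    listen_addr, listen_port, _, _ = parse_local_forward(spec, gateway_ports)
    if dial_port != listen_port:
        return False
    if dial_host in LOOPBACK:
        return listen_addr == "*" or listen_addr in LOOPBACK
    if dial_host not in local_addrs:
        return False                   # that address belongs to another host
    return listen_addr in ("*", dial_host)

if __name__ == "__main__":
    spec = "13306:192.168.0.50:3306"   # forward spec from the question
    mine = {"192.168.2.222"}           # local machine's VPN address
    for host in ("localhost", "192.168.0.50", "192.168.2.200", "192.168.2.222"):
        print(host, reaches_tunnel(spec, host, 13306, mine))
```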
