I have a virtual machine located inside a private network. So first I have to log in to server.com and then from there into my-machine.

I want to make ssh-tunnel from my laptop to my-machine.

ssh -v -A -nNT -L 40000:127.0.0.1:40000 [email protected] ssh -v -nNT -L 40000:127.0.0.1:40000 my-machine & 

Now I want to test ssh-tunnel with netcat.

I run at my-machine:

nc -l 40000

At my laptop:

~ ❯❯❯ nc 127.0.0.1 40000

But it gives me:

debug1: Connection to port 40000 forwarding to 127.0.0.1 port 40000 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 40000 for 127.0.0.1 port 40000, connect from 127.0.0.1 port 49692 to 127.0.0.1 port 40000, nchannels 3

Why does this happen and how do I fix it? I expected that anything I type in my laptop console would appear in the my-machine console.

What does the last line mean? Especially `127.0.0.1 port 49692`: why is this port used? I never typed it.

debug1: channel 2: free: direct-tcpip: listening port 40000 for 127.0.0.1 port 40000, connect from 127.0.0.1 port 49692 to 127.0.0.1 port 40000, nchannels 3

1 Answer

Every TCP connection is point to point and needs two pairs of IP addresses and ports. Reading the whole message (not just the part you showed):

connect from 127.0.0.1 port 49692

So indeed you are connecting to the port 40000, but you are connecting from port 49692 (randomly assigned for your netcat or some of the forwarded steps).

How to fix this problem?

This double-jump forwarding does not work, because you need the second connection established before the first one.

Also, you are using the -N switch for the first command, which prevents the second ssh command from running.

But I would give it a shot with ProxyCommand, which lets you connect to the destination with a single command directly from your host:

ssh -v -nNT -L 40000:127.0.0.1:40000 \
    -oProxyCommand="ssh -W %h:%p [email protected]" my-machine & 
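As an added example (not part of the original answer), here is a small script that brings up the same laptop:40000 -> server.com -> my-machine:40000 tunnel in one command and checks it before use. It assumes OpenSSH 7.3 or newer (for -J, the built-in equivalent of ProxyCommand="ssh -W %h:%p jump"), a placeholder login `user@server.com`, and a local `nc`; `tunnel_cmd`, `port_open` and `source_port_of` are names invented here.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumed names: user@server.com
# (your jump-host login), my-machine (only reachable from server.com).
set -u

LOCAL_PORT=40000
REMOTE_PORT=40000
JUMP="${JUMP:-user@server.com}"   # placeholder login on the jump host
TARGET="${TARGET:-my-machine}"    # only reachable from the jump host

# Compose the single-hop-looking command: -J does the jump, -N runs no remote
# command, -f backgrounds only after auth, and ExitOnForwardFailure makes ssh
# exit non-zero instead of staying up with a dead forward.
tunnel_cmd() {
  printf 'ssh -f -N -o ExitOnForwardFailure=yes -J %s -L %s:127.0.0.1:%s %s' \
    "$1" "$2" "$3" "$4"
}

# 0 if something accepts TCP on host:port (nc -z connects, sends nothing).
# On the forwarded local port this only proves ssh is listening: the far-end
# connect happens per channel, so a missing listener on my-machine still shows
# up later as "open failed: connect failed: Connection refused".
port_open() { nc -z -w 2 "$1" "$2" >/dev/null 2>&1; }

# Pull the "connect from 127.0.0.1 port N" field out of an ssh debug line:
# N is the ephemeral source port the kernel picked for the nc client side.
source_port_of() {
  printf '%s\n' "$1" | sed -n 's/.*connect from [^ ]* port \([0-9]*\).*/\1/p'
}

main() {
  eval "$(tunnel_cmd "$JUMP" "$LOCAL_PORT" "$REMOTE_PORT" "$TARGET")" || {
    echo "tunnel failed: check that $TARGET is reachable from $JUMP" >&2
    return 1
  }
  if port_open 127.0.0.1 "$LOCAL_PORT"; then
    echo "ssh is listening on 127.0.0.1:$LOCAL_PORT."
    echo "Start 'nc -l $REMOTE_PORT' on $TARGET *before* 'nc 127.0.0.1 $LOCAL_PORT' here."
  fi
}

# Only open the tunnel when explicitly asked, so sourcing this file is harmless.
if [ "${RUN_TUNNEL:-0}" = 1 ]; then main; fi
```

Run it with `RUN_TUNNEL=1 JUMP=you@server.com ./tunnel.sh`; the listener on my-machine has to exist before the first client connects, which is the "Connection refused" in the question.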

6 Comments

How do I fix this problem?
Added more details in the answer.
Why do I need the second connection established before the first one?
Because you need to forward the remote protocol to local, and once you establish the first connection, on the jump host there is no port to forward (yet).
About the shot with ProxyCommand: is it correct? I get an error: Connection closed by remote host. It is worth noting that my-machine is not directly visible to me.
