Score:0

SSH forwarding works on local but fails for the remote

I set up SSH local port forwarding on a remote machine:

ssh -N -L 127.0.0.1:3388:127.0.0.1:22 localhost

It works on the remote machine itself:

telnet localhost 3388

returns

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4

However, when I use this forwarding from the local machine:

telnet remote.ip 3388

It fails:

Trying remote.ip...
telnet: Unable to connect to remote host: Connection refused

One may think port 3388 of the remote machine is blocked by the firewall or something on the network, so I turned off the SSH forwarding and tested an HTTP server listening on port 3388 on the remote machine:

python3 -m http.server 3388

Then I connected to this port from my local machine:

telnet remote.ip 3388

The result gives

Trying remote.ip...
Connected to remote.ip.
Escape character is '^]'.
quit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
        "http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
        <title>Error response</title>
    </head>
    <body>
        <h1>Error response</h1>
        <p>Error code: 400</p>
        <p>Message: Bad request syntax ('quit ').</p>
        <p>Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax or unsupported method.</p>
    </body>
</html>
Connection closed by foreign host.

which means port 3388 on the remote machine is accessible to my local machine. So why do both the SSH forwarding and the network work properly individually, but fail when they are combined? Does anybody know how to fix this? Thanks.

Michael Hampton
Everything appears to be working correctly. What were you expecting to happen?
Score:0

You set up the SSH local forwarding so that it only listens on localhost port 3388. Localhost is not reachable from other devices on the network, which is why you weren't able to remotely establish a connection.

In order to expose the forwarding port to other machines on the network, you need to bind it to a reachable address such as 192.168.1.5 or 0.0.0.0 (all interfaces).

e.g. ssh -N -L 0.0.0.0:3388:127.0.0.1:22 localhost

ke xu
Thank you, that solved my problem, but I still don’t understand why it works on some other machines if I didn’t add the 0.0.0.0.
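
An added example, not part of the original answer or comments: a Python helper that parses an ssh -L argument and reports where the forward listens, following the bind_address and GatewayPorts rules documented in ssh(1) and ssh_config(5). The function names are hypothetical, the inputs are constructed from the commands on this page, and hostnames other than localhost are not resolved.

```python
import ipaddress

def split_forward(spec):
    """Split an ssh -L argument into (bind, port, host, hostport).
    bind is None when no bind_address was given; [..] wraps IPv6 literals."""
    parts, buf, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    if len(parts) == 3:          # port:host:hostport, no bind_address
        parts.insert(0, None)
    if len(parts) != 4:
        raise ValueError(f"unsupported -L spec: {spec!r}")
    bind, port, host, hostport = parts
    return bind, int(port), host, int(hostport)

def listen_scope(spec, gateway_ports=False):
    """Return (port, where the listener binds, reachable from other hosts?)."""
    bind, port, _, _ = split_forward(spec)
    if bind is None:             # client-side GatewayPorts picks the default
        bind = "*" if gateway_ports else "localhost"
    if bind in ("", "*"):
        return port, "all interfaces", True
    if bind == "localhost":
        return port, "loopback only", False
    try:
        addr = ipaddress.ip_address(bind)
    except ValueError:
        return port, bind, None  # hostname: not resolved here, scope unknown
    if addr.is_unspecified:      # 0.0.0.0 or ::
        return port, "all interfaces", True
    if addr.is_loopback:
        return port, "loopback only", False
    return port, f"{addr} only", True

if __name__ == "__main__":
    # Constructed inputs: the question's command, the answer's fix, and defaults.
    for spec, gw in [("127.0.0.1:3388:127.0.0.1:22", False),
                     ("0.0.0.0:3388:127.0.0.1:22", False),
                     ("3388:127.0.0.1:22", False),
                     ("3388:127.0.0.1:22", True)]:
        print(spec, "GatewayPorts=" + ("yes" if gw else "no"), listen_scope(spec, gw))
```

A result of True in the last field means any host that can reach the port can reach the forwarded sshd, so binding to one specific interface address is narrower than 0.0.0.0.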