Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Two-hops SSH tunnelling

from [Thiago LPS] Network Security [Permanent Link]
Subject: Re: Two-hops SSH tunnelling
Date: Wed, 24 May 2006 17:30:59 -0300 
may be you need to do a portforwarding with iptables to redirect the trafic from
goofy to server

becouse when you use ssh to redirect ports , the ssh tunnel open a
port on both hosts and them you cant bind two seem ports on a single
host

you need to do a port forward to connect the port from goof to the
port to server

x.x.x.1:1984---------------x.x.x.2:1984
SERVER   <-----1984-----   CLIENT
                                      y.y.y.1:1984
-------------------  y.y,y.2:1984
SERVER   <----------------(CLIENT)----------1984------   GOOFY

On a CLIENT server you put the iptables portforwarding rule to
redirect all trafic from y.y.y.1:1984 to x.x.x.2:1984 ( like a
connector.. :D )



On 5/23/06, Loris Serena <lserena@gmail.com> wrote: 
Guys,

I managed to get the following working:

----------------------------------------------------------------------------------------------------
A firewall between SERVER and CLIENT only allows TCP port 22 from
SERVER to CLIENT (but not viceversa!)

    SERVER    -------22------>   CLIENT

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from CLIENT to SERVER:

    SERVER    <-----1984------   CLIENT
------------------------------------------------------------------------------------------------------

by running (on SERVER):
$ ssh -f -N -R 1984:SERVER:1984 CLIENT


Now I'd like to add the next (and last) bit of the configuration to the
picture:

There is another firewall between CLIENT and GOOFY, again only allowing
TCP port 22 from CLIENT to GOOFY (and NOT viceversa!):

     SERVER    -------22------>   CLIENT   -------22------->   GOOFY

What I would like to achieve via ssh tunnelling is to send TCP port
1984 traffic from GOOFY to SERVER (through CLIENT):

     SERVER   <-----1984-----   CLIENT
     SERVER   <----------------(CLIENT)----------1984------   GOOFY

Please note that:
a. the remote forwarding of 1984 from CLIENT to SERVER is already working;
b. there is no native process on CLIENT listening on port 1984.

I ran `ssh -f -N -R 1984:127.0.0.1:1984 GOOFY` on CLIENT,

but testing that with telnet from GOOFY, it failed as follows:

[GOOFY]$ telnet localhost 1984
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused


So, how do I do that?
Any security issues I shold be aware of?


Thanks in advance

Ciccio



--
--------------------------------------------------
Thiago LPS
C.E.S.A.R - Administrador de Sistemas
msn: thiago.lps@gmail.com
0xx 81 8735 2591
--------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Two-hops SSH tunnelling, Robert Hajime Lanning
Next by Date:  Re: Kerberos 5 authentication without password?, Bulgaria Online - Assen Totin
Previous by Thread:  Re: Two-hops SSH tunnelling, Robert Hajime Lanning
Next by Thread:  Entering the Passphrase through stdin, Richard L Ross
Indexes:  [Date] [Thread] [Top] [All Lists]