Combo unix ssh port forwarding + iChatAV + Bonjour question

Similar Messages

• Ssh Port Forwarding Stopped Working

  I have used ssh port forwarding in the past, and it has come in handy.
  I have recently upgraded to Mavericks, but it does appear that my ssh port forwarding stopped some time before this. The last time I know it worked was 5/14/14, and feel it has worked more recently as well.
  Here's what I do, from my Mac I ssh to my work jump server (port 22, let's say its IP is 11.22.33.44), and my jump server has access to work PC (lets say IP of 10.1.2.3). My work PC has RDP running on it on the common port 3389. I have verified that I can set up a working RDP session at work from another box. Also, I know that my jump server can get to my PC at work as I can ping my work IP if I just ssh straight to my jump server. And I know that there is no firewall stopping me from the jump server as I can also open a telnet session to my work PC on port 3389, without errors.
  So, here's how I have done it in the past and it has worked, but now recently stopped working in Terminal app:
  ssh  -f  [email protected]  -L  3388:10.1.2.3:3389  -Nnv
  The verbose logging shows that it sets up connectivity. If I then look to see if my local port is listening I can type:
  netstat  -an  |  grep  127.0
  I will note that port 3387 is in fact LISTENing and waiting for connection
  I then start my RDP client app, and start a session to "localhost:3387" (I could also use "127.0.0.1:3387", and have, but it does not work either). My RDP client eventually times out. I have turned my firewall off and on, neither way works.
  Does anyone know why this may have stopped working?
  Your input is most appreciated.
  The verbose log shows the following is setup appropriately (with noted modifications to server names and actual IPs):
  debug1: Authentication succeeded (keyboard-interactive).
  Authenticated to somewhere.net ([11.22.33.44]:22).
  debug1: Local connections to localhost:3387 forwarded to remote address 10.1.2.3:3389
  debug1: Local forwarding listening on 127.0.0.1 port 3387.

  Unfortunately I don't have another device to test if RDP is working on my LAN, however, when I check out my network connections and this is what I see after setting up the ssh tunnel and prior to attempting the RDP connection (again names protected):
  my-rmbp:~ me2$ netstat -an | grep 127.0
  tcp4       0      0  127.0.0.1.3387         *.*                    LISTEN
  Then, as it is difficult to catch in the middle of TCP 3-way handshaking, here's what happens after an attempt with the RDP client while it sits and spins:
  my-rmbp:~ me2$ netstat -an | grep 127.0
  tcp4       0      0  127.0.0.1.3387         127.0.0.1.50323        FIN_WAIT_2
  tcp4       0      0  127.0.0.1.50323        127.0.0.1.3387         CLOSE_WAIT
  tcp4       0      0  127.0.0.1.3387         *.*                    LISTEN
  You can clearly see it's attempting to make a connection over the tunnel via my RDP client, but it's being shut down right away. I will obtain a WireShark packet capture and see exactly what's happening. Oh, and if I tried to RDP to a port other than the one I set up the port forwarding tunnel with, RDP would disconnect right away.
  What I'm most interested in is why, without any known changes, other than OS updates, did this work a few months ago, and now it does not?
  I have also tried other test ssh port forwarding, such as to www.apple.com forwarding 8080 on localhost to 80, and others, and none of those work either with web browsers, I assume this is something Apple has done to disable ssh port forwarding/tunneling. Perhaps someone else has bumped into this and found a fix? Please share!
  Also, I have heard that you have to be root in order to set up port forwarding, but clearly this is not accurate, as it worked before, and also as you can see above it worked without root. But I tried both ways, and sadly neither worked.
  Could it by my jump server? Possibly, but others at work do this and it works just fine for them from their Windoze PCs. So can't be that either.
  Perhaps my capture will tell me, I'll report back here with what I discover. Thanks in advance!

• SSH port forwarding

  can i declare port forwerd fix for an specifie client into ssh server?? mean when this client or this machine demand port i request the port 555 only not random one as in tlenet ftp

  Has an answer to this been found yet? I'm getting the same error but over different ports. Granted, I don't use the -L option; I opted to put everything in ~/.ssh/config instead so that I don't have to type it every time I connect.

• WRV210 port forwarding only works on http!!!

  I'm trying to use SSH port forwarding, and VNC on the future.
  Right now the only one that is working is http. I have enable both HTTP and SSH over two different PCs, and only the http one is working.
  We already have version 2.0.0.11. Also tried DMZ the second PC and didn't work.
  I hear about to use DHCP, and then I defined the second PC mac on the table, and still didn't worked.
  Any idea of what is going on with this equipment.
  Carlos Alperin

  If you enter the IP address on this page http://www.whatismyip.com/ip-tools/ip-whois-lookup/
  you can see who it belongs to.
  But I suspect that its something within your router that is returning the wrong WAN address. Do you have an ADSL connection, or an Infinity connection?
  Yo may have difficulty connecting to your own external WAN address from within your own network, unless your router has NAT loopback enabled.
  There are some useful help pages here, for BT Broadband customers only, on my personal website.
  BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

• Difference Between Port Forwarding and Port Triggering.

  Hi guys,
  I'm lost! The differences between port forwarding and port triggering is driving me nuts! It all seems very subtle to me. Can anyone explain to me (in a very simple way) what exactly are their differences. Thanks in advance!!

  Port Forwarding
  The big difference between this and port triggering is that forwarding is fixed.. you forward a port and it is always forwarded.. IE available to connection.. basically the forwarded port is excluded from the fire walling abilities of the router.  Second it is static and applies to one machine only. Whereas you could set port triggering to the router and thereafter any machine on the LAN can trigger it unless its already in use.. port forwarding must be specified for each individual machine.
  Port forwarding requires you to give each PC on the network its own unique static IP address.. Although there is ssh port forwarding that can be set dynamically. Most users only have the option of static ip port forwarding.
  The real downside of port forwarding is that it can be very tricky to set up... You may have to allow a series of ports on a machine and have to do that for each machine you want to allow through. Also routers often have limited abilities and may not allow you the ability to forward a port or select the service you require.
  Port Triggering
   This is a way of Dynamically assigning a service to a port WHEN it is required by an outgoing service. The port is initially not allowed so nothing can get in and you are protected by your network.  
  A good example of this is when using Yahoo! voice .. the voice works fine for a few minutes after you connect to Yahoo! then Yahoo! sends some kind of packet that requires a response from your PC... The packet is allowed in through your router no prob but the outgoing reply is not authorized to open a port on the router and is thus blocked. 
  'ope this helps

• Home Hub 3 Port Forwarding Issue - Question to BT

  Question to BT
  Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?
  As i work in IT (Cisco Network Eng) i need to be able to access several devices/services at home and this is a real pain for me. If you think that this could drag on as some posts have indicated could you please let me know and i will either get a draytek or throw in a cisco 1841.
  Thank you
  Dean.
  Current firmware:
  V100R001C01B031SP09_L_B
  Last updated:
  Unknown

  requiem wrote:
  Question to BT
  Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?.........
  Thank you
  Dean.
  Current firmware:
  V100R001C01B031SP09_L_B
  Last updated:
  Unknown
  Hi Dean
  By the look of it you've got the type B version of the HH3 with current firmware.
  From http://bt.custhelp.com/app/answers/detail/a_id/13073
  The latest versions of the firmware are:
  BT Home Hub 3 – Software version 4.7.5.1.83.8.57.1.3 (Type A) or V100R001C01B031SP09_L_B
  Please Click On any Text in Blue as that automatically links to information.
  PC (NDEGR)

• Nginx client_ip in log file, with ssh -R Port forwarding

  Hi, everyone!
  First, I run a nginx server M1 (in my offce)  behind a router R1 and M1's IP addr is 192.168.5.126. I set nginx's log format like this:
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';
  After that, I will get the correct client ip in the access log.
  192.168.5.88 - - [21/Apr/2015:11:12:47 +0800] "GET /js/date.js HTTP/1.1" 200 403 "http://192.168.5.126/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36" "-"
  Then, I want to visit M1 outside (in the campus) .  Unfortunately, I can do nothing with the router R1. But I have a router R2 whose framework is OpenWrt and its IP 222.xx.xx.xx can be visited by anyone who has logged into the campus network.
  Then I wrote a autossh service to do that:
  [Unit]
  Description=AutoSSH service for local port 80 forwarded to 222.xx.xx.xx:80
  # place this in /etc/systemd/system/, than enable this.
  After=network.target
  Requires=nginx.service
  After=nginx.service
  [Service]
  Environment="AUTOSSH_GATETIME=0" "AUTOSSH_POLL=60" "AUTOSSH_LOGFILE=/var/log/nginxssh.log"
  ExecStart=/usr/bin/autossh -M 22000 -NR 222.xx.xx.xx:808:localhost:808 -NR 222.xx.xx.xx:80:localhost:80 -o TCPKeepAlive=yes -p xxxx [email protected] -i /home/username/.ssh/id_rsa
  [Install]
  WantedBy=multi-user.target
  Yeah, It works! BUT BUT when someone visits 222.xx.xx.xx, I lost the  the client ip in nginx log file. That would always be 127.0.0.1, why?
  127.0.0.1 - - [27/Apr/2015:00:34:07 +0800] "GET /static/mathjax/MathJax.js?config=TeX-AMS_HTML HTTP/1.1" 304 0 "http://222.xx.xx.xx:808/url/jakevdp.github.com/downloads/notebooks/XKCD_plots.ipynb" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:37.0) Gecko/20100101 Firefox/37.0" "-"
  After ``ssh -R Port forwarding``,  client ip is lost?
  If so,  what should I use to replace ``ssh -R``?
  Last edited by limser (2015-05-04 12:39:18)

  It seems there is a port forwarding configuration trouble with you modem.
  When you access from the WAN or from the LAN, you don't enter in you modem the same way, so the behavior is different.
  It seems that the port 22 of your modem is not directly forwarded to your server. The modem itself asks you a login/password. The key-pair authentification is between laptop and server. The modem itself is not recognized during this authentification.
  Don't touch your ssh-config. It's OK since it was working for monthes before you change your modem.

• Port Forward and IP address question

  I am configuring my father's computer so that I can "see" his screen. He's on a different network, using a mac with a wireless router. He enables remote desktop login, I use Chicken of the VNC software on my mac to see and control his computer.
  Here's my question, when I set up his router to forward the ports so this will work, do I use the ports for apple remote desktop or VNC? (The ports overlap (5900) but are different.)
  Also, which IP address do I enter into Chicken of the VNC? His router IP, his static IP that we assigned or his computer's IP.
  Thanks for the help,
  Rob

  ok, but in his prefs for apple remote desktop, it gives the static IP address that we set as the address other people can use, so... any thoughts?
  You use that private address if you are in the same subnet as his Mac. That is the address you enter into the port forwarding settings on the router because the router needs to send requests received on the public IP address to that unreachable private IP address.
  When you are on the internet, you can't reach that private IP address.

• Port forwarding, NAT, SSH and Transmission.

  A couple of days ago I decided to setup the Transmission daemon, along with automatization for my downloads. Recently, however, to put a layer of security around my laptop, I set up a wireless router I had lying around that is now connected with a wire to my laptop. The reason for this is that I have no idea how iptables work yet, and until then I decided this will suffice for the moment. One of the problems though (yes, problems seems to come in twenty-fold where my luck is concerned), is that when I rewire my laptop directly to the internet, without the router, NetworkManager or Archlinux doesn't reset the ip address, which for some reason jumps to 192.168.1.122, which it never uses otherwise. I haven't yet tried reinstalling networkmanager, but when I did turn it off, dhcpdcd assigned the same address... The problem here being that it shouldn't assign a LAN-address, I'm directly connected to the internet. Sidenote here though; my internet connection is just a plug in the wall, the operators here (I live on a kind of campus), probably only use a network-switch to relay the traffic to the socket.
  That's that, my wired network doesn't work directly, only via the wireless router, wired or wireless. Because of this, I have to use port-forwarding for SSH (to test if the port forwarding works), and the Transmission daemon with an rcmp port of 9091., which was my intention in the first place. I have no idea if logging into my.ip.address.here:9091 in a browser would work, I just used localhost:9091.
  Now for the results:
  $ nmap -sT xx.xxx.xx.xx
  Starting Nmap 5.21 ( http://nmap.org ) at 2010-06-14 19:42 CEST
  Nmap scan report for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Host is up (0.038s latency).
  Not shown: 996 closed ports
  PORT STATE SERVICE
  22/tcp filtered ssh
  53/tcp open domain
  80/tcp open http
  9091/tcp filtered unknown
  Here it shows that the ports are actually not closed, but they're not exactly opened either, from what I gathered from the internet.
  SSH shows the true problem:
  $ ssh neal@xxxxxxxx
  ssh: connect to host xxxxxxxx port 22: Connection timed out
  SSH-ing to 192.168.0.102 (my internal ip) works, as does to localhost, same for Transmission webGUI. Before I used port-forwarding ssh would correctly say that it couldn't get traffic from the router.
  My router is a cheap solution to another problem I had, but it should work like any router. It's a Sitecom WL-607. I disabled login authentication for the moment. Also, there is no filtering going on in the firewall. Like I said earlier, I don't get iptables, so that's not being used. The hosts file allows all and denies nothing.
  TLDR version; I'm using port-forwarding on my Sitecom WL-607, but all ports except http and the 53 port are being blocked.
  Is there something I'm missing here?
  Thanks in advance,
  Neal van Veen.

  by default, all routers assign there clients an ip address from there internal pool of addresses, your wireless router is assigning you that address and then NAT's the connection with the WAN side, but even after directly plugging in to the wall socket you still dont get a new ip address, use dhcpcd <mydev> in terminal to reresh dhcp lease. if not then your campus/location/etc may also be using NAT on there own side.
  as for the ports, iptables doesnt block any traffic by default, it allows everything. if there is filtering, it is from your wireless router.
  on the above ssh and nmap scans, did u use your lan ip, or your public ip.

• WRVS4400n port forwarding (SSH access)

  I have a WRVS4400n and a CentOS server that I need to enable a SSH access to from WAN.
  I created a single port forward rule to open port 22 and forward to server (which address is 192.168.41.3)
  However ssh connect doesn't happen, the command "ssh user@{external_IP}" times out after 20 seconds.
  Wondering why...
  If I connect my server directly to modem through outside interface - I have no problems connecting to it. Once it's behind router - no luck.
  I even added same rule for UDP, not sure if it's needed, but it definitely didn't hepl.
  The router is on firmware version 2.0.1.3, version on a bottom is 2.
  Any suggestions?

  Hi Randy Manthey, Thanks for quick response. The server has 2 interfaces:  eth0 (outside, WAN) currently down. When it was up it had a static IP, default gateway and mask assigned by ISP. It was plugged into the cable modem at that time, it was accessible.  eth1 (inside, LAN), up, address 192.168.41.3, default gateway 192.168.41.1 (which is above mentioned Cisco router WRVS4400n). It can ping all machines on LAN, including gateway. It is accessible to all machines on LAN and can be pinged by the Cisco router. It CANNOT ping any IP address on WAN (I understand this is because eth0 is down).  Let me know if you need any other info. Thank you.
  Edit: I got home (the router is in one of my offices) and scanned the router with nmap:
  nmap -v -sT -PN XXX.YYY.ZZZ.88
  Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-24 23:24 EDT
  Initiating Parallel DNS resolution of 1 host. at 23:24
  Completed Parallel DNS resolution of 1 host. at 23:24, 0.04s elapsed
  Initiating Connect Scan at 23:24
  Scanning wsip-XXX-YYY-ZZZ-88.nn.nn.nnn.net (XXX.YYY.ZZZ.88) [1000 ports]
  Discovered open port 8080/tcp on XXX.YYY.ZZZ.88
  Completed Connect Scan at 23:24, 6.06s elapsed (1000 total ports)
  Nmap scan report for wsip-XXX-YYY-ZZZ-88.nn.nn.nnn.net (XXX.YYY.ZZZ.88)
  Host is up (0.033s latency).
  Not shown: 999 filtered ports
  PORT     STATE SERVICE
  8080/tcp open  http-proxy
  Read data files from: /usr/share/nmap
  Nmap done: 1 IP address (1 host up) scanned in 6.14 seconds
  Port 8080 - is a port for remoute router administration.

• Cisco 5520 ASA Port Forward to Endian Firewall VPN Question

  Hello,
  We have had a VPN operational on our Endian Firewall which uses OpenVPN server on port number 1194.  We recently purchased a Cisco 5520 ASA to put in front of our Endian Firewall and I am still hoping to use our current Endian Firewall VPN server.  So I am thinking the easiest way to make this happen is to port forward all vpn traffic through the ASA to our Endian Firewall to access the VPN.  Anyhow, I am just hoping someone with higher knowledge can let me know if this is the best course of action or if there is another easier or more efficient way of doing this?
  Thanks for your comments in advance I am new to cisco technology,
  Joe        

  Wrong forum, post in "Secuirity - Firewalling". You can move your posting with the Actions panel on the right.

• Question about port forwarding 2 xbox 360s to get rid of NAT on one of them

  I have a xbox 360 with the official xbox 360 wireless antenna that is already set up for port forwarding and my NAT is fine.  My brother has a xbox 360 and he has a NAT problem but he doesn't have a official xbox 360 wireless antenna, he hooked up his laptop to his xbox 360 via ethernet cable and is using his laptops wireless card for the connection and he gets a NAT error when he tests his connection to xbox live.  Is it possible to port forward 2 xbox's?  I'm sure I have to set up some type of static IP for him but the thing is that I'm not sure what IP address to assign to him.  If it is possible, would he have to use a static IP address on his laptop since he's using that for a wireless connection?  If this is at all possible could someone post some step-by-step instructions on how I should set this up?  Below I will give you what I have set up for my xbox 360 to open up my NAT I just want to know what static IP I can use for him.  Can I use just any numbers?
  In my port forwarding tab in my wireless modem I have the following:
  and in my xbox i have the following settings:
  IP address: 192.168.1.20
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.1.1
  Primary DNS: 4.2.2.2
  Secondary DNS: 192.168.1.1
  I have all that entered for myself and my xbox NAT is open.  I just need to set up his xbox if it is at all possible.  Please help!!!
  P.S. My router is a WRT54GS v2.0 with updated firmware, just incase you need that info.
  Message Edited by nourotherleft on 01-08-2009 03:20 PM

  ok that still didn't help me.... he still has a NAT problem.... I don't....I went to port triggering and added the ports that you described but it didn't open his NAT... If the connection is going through his laptop(acting like the xbox 360's wireless antenna) wouldn't either his laptop or his xbox need a static ip? because I had to set up my xbox manually with the following addresses:
  ip: 192.168.1.20
  subnet mask: 255.255.255.0
  default gateway: 192.168.1.1
  primary dns: 4.2.2.2
  secondary dns: 192.168.1.1
  so in essence wouldn't his laptop need to be configured with some kind of static ip or something? because if he puts in what I just stated into his xbox it wont connect at all because I guess the ip's are conflicting....so what do I do now?

• Port forwarding for online gaming...dumb question

  Hi, I'm trying to set-up port forwarding for online gaming. There's a section that asks for port numbers, "Enter the starting numbers of the External Ports (the port numbers seen by users on the Internet)" Where do I find the numbers of the ports?

  http://portforward.com/cports.htm
  If the game isn't listed there, google for it.

• Port Forwarding Question for IP Camera with MI424WR-GEN3

  So just switched to fios from cable and trying to set up port forwarding on this new actiontec router so I can view my IP Camera from outside the house.
  The camera has a static IP address of 192.168.1.200  using port 8080 and I works fine if I type that IP address with the port into the browser inside the network.
  The IP Camera company requires you to port forward  port 80 (switched to 8080) 554 and 50000-60000.
  So I set up Portforwarding on the router like this:
  Networked Computer / Device
  192.168.1.200:8080
  Applications & Ports Forwarded
  IPCamera
  TCP 8080 -> 8080
  UDP 8080 -> 8080
  TCP 554 -> 554
  UDP 554 -> 554
  TCP 50000-60000 -> 50000-60000
  UDP 50000-60000 -> 50000-60000
  WAN Connection Type
  All Broadband Devices
  Status
  Active
  Now the problem is when I type my real IP address:  108.XX.XXX.37:8080 (from inside the network it pulls up the Fios router login page and when I pull it up outside the network I get page not found.  This isnt any different then I had previously done on my Netgear router, but I must be missing something on this actiontec one.  Any suggestions?
  Thanks
  Solved!
  Go to Solution.

  Howie411 wrote:
  The IP Camera company requires you to port forward  port 80 (switched to 8080) 554 and 50000-60000.
  So I set up Portforwarding on the router like this:
  Networked Computer / Device
  192.168.1.200:8080
  Applications & Ports Forwarded
  IPCamera
  TCP 8080 -> 8080
  UDP 8080 -> 8080
  TCP 554 -> 554
  UDP 554 -> 554
  TCP 50000-60000 -> 50000-60000
  UDP 50000-60000 -> 50000-60000
  WAN Connection Type
  All Broadband Devices
  Status
  Active
  Now the problem is when I type my real IP address:  108.XX.XXX.37:8080 (from inside the network it pulls up the Fios router login page and when I pull it up outside the network I get page not found.  This isnt any different then I had previously done on my Netgear router, but I must be missing something on this actiontec one.  Any suggestions?
  Thanks
  No port on the ip address
  Networked Computer / Device
  192.168.1.200
  should say tcp any on the left side of the arrow in all cases
  TCP any -> 8080
  UDP any -> 8080
  etc

• New network/port forwarding questions

  I just replaced my Airport Extreme with a 1TB TC and set up a primary network (AirNett) and a Guest network (Guest). I added Port Mapping entries for my computers (running Tiger), SlingBoxes and ReplayTVs (which are all ethernet-connected) and I have 1 laptop running Leopard and 1 running Tiger. We also have 2 iPhones.
  The wired devices all seem to connect just fine. Occasionally, there is a delay in the connection (30 sec-1 min), but once it connects, they seem to stay connected.
  The laptops take too long to connect to the AirNett network. If they do connect, it seems that the connection comes and goes. The iPhones have yet to connect to AirNett.
  The Guest network serves all the wireless devices just fine, BUT, it does not allow connections to the Port Forwarding devices.
  So, 2 issues... any ideas about :
  1) why my primary network (AirNett) is not working properly for my wireless devices and
  2) why my Guest network does not allow the Port Forwarding connections.
  TIA for any suggestions.
  Scott

  That was my point - all my lan ports that use port 80 can point at port 80, and long as the WAN ports point at something else. The trouble is, I am restricted to only using 80,81 and 443 on the LAN side, which limits me to 3 (not counting 8080 for my routers web gui)
  So that means with my two web cams and web gui on my NAS drive, I am unable to log into any other web interfaces on my LAN, unless I log into my router first, disable one port forward and enable another (using the same WAN port of 80 or 81) - which is doable but a PITA..
  This is what is looks like on the router:
  For example, if I change the port from field for the "tranmission" entry to anything but 80 or 81, it will not work, so if I want to get into my torrent gui on my NAS drive I have to disable "cam1" and enable "transmission"
  I checked with my ISP and they are not blocking any ports, so I'm not sure how to get around this, unless I can serve up a page that shows feeds from more than one camera and serve it from one source, ie my router or NAS drive.