Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: j_secreto on April 05, 2011, 05:27:47 PM
-
Please forgive my bad English. I'll try to do my best.
I've two sme 7.5.1, performing like gateways, in two different locations. I've set up one of them (server1) to accept ssh connections, authenticating by public/private keys. This is working fine. I can log in and can redirect ports, which is the reason why I'm doing this :-)
The problem appears when I try to make a tunnel from the server2 and use it. Ssh connects to server1, logs in and gives me a prompt, but the tunnel doesn't work.
The scenario is like this:
ts=terminal server
win-ts-server --- server1 --- internet --- server2 --- win-ts-client
The string of connection in server2 is
ssh -L 9999:win-ts-server-ip:3389 useroftunnel@server2-public-ip
Then I try to open a ts-client from win-ts-client to server2:9999 and the connection times out, as if there were no ts-server.
But, making the same tunnel from win-ts-client, with a putty client and redirecting win-ts-server-ip:3389 to localhost:9999, the ts-client connects to this port without problem.
I searched Google for ssh tunnel rdp port redirection, even sme, and found a lot of things not related to this trouble. At least, I'm not smart enough to see that.
If anyone has encountered this problem and has any clue for me, I'll be very grateful.
I'll post any further information required, of course.
Thank you so much for reading.
Jorge
-
win-ts-server --- server1 --- internet --- server2 --- win-ts-client
The string of connection in server2 is
ssh -L 9999:win-ts-server-ip:3389 useroftunnel@server2-public-ip
If I've understood your intention correctly, this should be:
ssh -L 9999:win-ts-server-ip:3389 useroftunnel@server1-public-ip
-
Yes, of course. Thank you for the hint.
Definitely, I am not smart :-)
-
Please forgive my bad English. I'll try to do my best.
I've two sme 7.5.1, performing like gateways, in two different locations. I've set up one of them (server1) to accept ssh connections, authenticating by public/private keys. This is working fine. I can log in and can redirect ports, which is the reason why I'm doing this :-)
The problem appears when I try to make a tunnel from the server2 and use it. Ssh connects to server1, logs in and gives me a prompt, but the tunnel doesn't work.
The scenario is like this:
ts=terminal server
win-ts-server --- server1 --- internet --- server2 --- win-ts-client
The string of connection in server2 is
ssh -L 9999:win-ts-server-ip:3389 useroftunnel@server1-public-ip
Then I try to open a ts-client from win-ts-client to server2:9999 and the connection times out, as if there were no ts-server.
But, making the same tunnel from win-ts-client, with a putty client and redirecting win-ts-server-ip:3389 to localhost:9999, the ts-client connects to this port without problem.
After some more googling, and further readings of man, I supposed that the problem would be related to firewall. So, first, I tried with:
ssh -o GatewayPorts=yes -b server1-private-ip -L 9999:win-ts-server-ip:3389 useroftunnel@server1-public-ip
with no success. Hence I searched for firewall configuration.
I was tinkering with
config set rdp service TCPPort 9999 access public status enabled/disabled
config set rdp service TCPPort 9999 access private status enabled/disabled
(with the corresponding 'signal-event remoteaccess-update' between them)
without success until, I don't know why, the tunnel began to work.
Really, I don't know why it didn't work, nor why it does now.
There is no rule, now, in the firewall related to port 9999 or 3389. Even if I make the tunnel in a port that I didn't use in firewall tinkering, it works. Perhaps I've misinterpreted what happened but it took me several days to fix it. Fortunately, in the process I learned a lot.
The final conclusion is that
ssh -o GatewayPorts=yes -b server1-private-ip -L 9999:win-ts-server-ip:3389 useroftunnel@server1-public-ip
does what I need.
Thank you for reading me. Hope this helps someone.
Jorge
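
Added example (not part of the thread and not written by its posters): by default ssh binds a -L listener to the loopback address only, so a client on another host cannot reach server2:9999; GatewayPorts=yes binds it to every interface, and an explicit bind address limits it to one. The script classifies a forwarded port from `ss -ltn` style output; the sample listings, the LAN address 192.168.1.1 and the names `forward_scope` and `scope_of` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Where ssh puts the listener for -L:
#   ssh -L 9999:host:3389 user@gw                  -> loopback only (default)
#   ssh -o GatewayPorts=yes -L 9999:host:3389 ...  -> every interface
#   ssh -L 192.168.1.1:9999:host:3389 user@gw      -> that one address only
# (-b sets the source address of the outgoing SSH connection, not the listener.)

# forward_scope PORT < listing : classify listeners on PORT in `ss -ltn` layout.
forward_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") loop = 1
            else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
            else specific = addr
        }
        END {
            if (wild)                 print "all-interfaces"
            else if (specific != "")  print "specific:" specific
            else if (loop)            print "loopback-only"
            else                      print "not-listening"
        }'
}

# Constructed listings (not captured from the poster's servers).
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9999     0.0.0.0:*
LISTEN 0      128    [::1]:9999         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_GATEWAY='LISTEN 0      128    0.0.0.0:9999       0.0.0.0:*'
SAMPLE_LAN='LISTEN 0      128    192.168.1.1:9999   0.0.0.0:*'

# Helper: feed one listing to forward_scope for a given port.
scope_of() { printf '%s\n' "$1" | forward_scope "$2"; }

for s in "$SAMPLE_DEFAULT" "$SAMPLE_GATEWAY" "$SAMPLE_LAN"; do
    scope_of "$s" 9999
done
```

On a gateway, "all-interfaces" includes the internet-facing interface, so the forwarded RDP port is then protected only by the firewall; binding the forward to the LAN address keeps it reachable from the local network alone.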