[lug] funky portforwarding ssh tunneling problem

Hugh Brown hugh at vecna.com
Fri Sep 14 12:07:40 MDT 2001


Thank you, that did the trick.

Hugh

"dan radom"
> 
> Nope. As long as the linuxserver can, you'll be good.
> 
> dan
> 
> * Hugh Brown (hugh at vecna.com) wrote:
> > Does this require that mainframe be capable of accepting ssh connections?
> > 
> > Currently, all I can count on is the mainframe accepting telnet connections
> > and two linux boxes that I have complete control over.
> > 
> > Hugh
> > 
> > 
> > "dan radom"
> > > 
> > > It seems my first reply didn't make it to the list for some reason.  What you need to do is...
> > > 
> > > ssh -L5000:mainframe:23 user@linuxserver
> > > 
> > > What you have says forward localhost (-L) to localhost.  That won't work :)
> > > 
> > > Here's what I use...
> > > 
> > > ssh -2 -L9110:pop:110 -L 9111:pop:25 -L8080:webproxy:80 -L7326:icb:7326 dradom@ssh.redback.com
> > > 
> > > dan
> > > 
> > > 
> > > * Hugh Brown (hugh at vecna.com) wrote:
> > > > I have an old legacy mainframe that only accepts telnet connections.  I
> > > > want to secure as much of the traffic to it as I can.  So, I am putting a
> > > > linux box next to it (on the same subnet) and I am setting up an ssh tunnel
> > > > to the linux box.  I want to use the linux box to forward that port to the
> > > > mainframe.
> > > > 
> > > > client<----ssh tunnel----->linuxserver<---portforward--->mainframe
> > > > 
> > > > I want to be on the client and type `telnet localhost 5000` and have it
> > > > make it to the mainframe with the data encrypted most of the way.
> > > > 
> > > > on client I have done this:
> > > > 
> > > > ssh -L 5000:localhost:23 linuxserver
> > > > 
> > > > on the linux server I tried allowing access on the telnet port and doing
> > > > this
> > > > 
> > > > ipmasqadm portfw -a -P tcp -L linuxserver 23 -R mainframe 23
> > > > 
> > > > but I am having no luck with the linuxserver to mainframe jump.
> > > > 
> > > > I am not dead set on using ipchains and ipmasqadm but I do need to be able
> > > > to encrypt the traffic from client to linuxserver and to be able to 
> > > > 
> > > > client% telnet localhost 5000 
> > > > 
> > > > and get exactly the same thing as if I had done:
> > > > 
> > > > client% telnet mainframe
> > > > 
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > 
> > 
> > ------------------------------------
> > System Administrator/Unix Consultant
> > hugh at vecna.com
> > Vecna Technologies, Inc
> > 6525 Belcrest Rd, Suite 612
> > Hyattsville MD, 20782
> > 301.864.7253
> > http://www.vecna.com
> > 
> 

------------------------------------
System Administrator/Unix Consultant
hugh at vecna.com
Vecna Technologies, Inc
6525 Belcrest Rd, Suite 612
Hyattsville MD, 20782
301.864.7253
http://www.vecna.com
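
The difference between the two `-L` specs in this thread, as an added example that is not part of the original messages: a shell function (the name `explain_forward` is hypothetical) that parses OpenSSH's `[bind_address:]port:host:hostport` form and reports where the listener sits and which hop is unencrypted. Host names are the thread's; IPv6 bracket syntax is not handled.

```shell
# Added example, not from the thread: explain where an OpenSSH
# -L [bind_address:]port:host:hostport forward listens and connects.
explain_forward() {
    spec=$1 server=$2
    case $spec in
        *:*:*:*:*) echo "error: too many fields in '$spec'" >&2; return 1 ;;
        *:*:*:*)   bind=${spec%%:*}; rest=${spec#*:} ;;
        *:*:*)     bind=127.0.0.1; rest=$spec ;;   # OpenSSH default: loopback only
        *)         echo "error: need port:host:hostport" >&2; return 1 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    dhost=${rest%%:*}; dport=${rest#*:}
    for p in "$lport" "$dport"; do
        case $p in ''|*[!0-9]*) echo "error: bad port '$p'" >&2; return 1 ;; esac
    done
    [ -n "$dhost" ] || { echo "error: empty host" >&2; return 1; }
    # An empty bind address or '*' means every interface on the client.
    case $bind in ''|'*') bind=0.0.0.0 ;; esac
    echo "listen: client $bind:$lport"
    case $bind in
        127.*|localhost) ;;
        *) echo "warning: listener is reachable by other hosts on the client's network" ;;
    esac
    echo "encrypted: client -> $server"
    # 'host' is resolved and dialled by the ssh server, not by the client.
    case $dhost in
        localhost|127.*|"$server")
            echo "cleartext: stays on $server (its own port $dport)" ;;
        *)  echo "cleartext: $server -> $dhost:$dport" ;;
    esac
}

explain_forward 5000:localhost:23 linuxserver   # Hugh's first attempt
explain_forward 5000:mainframe:23 linuxserver   # dan's correction
```

The first call shows why the original command landed on linuxserver's own telnet port; the second shows the telnet leg that remains unencrypted between linuxserver and mainframe.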



