[lug] WRT54GL is snarfing ssh port-forwarded HTTP traffic

Jed S. Baer blug at jbaer.cotse.net
Sat Jun 9 12:37:57 MDT 2012


Hi Folks.

I'm trying to get an ssh tunnel to work, so I can let a few folks connect
securely to a wiki on my local machine, and I don't have to worry about
having http or https ports open to the world. My sshd is working fine,
and I've gotten the tunneling working fine when my test remote machine is
on the LAN -- I'll call it "A", and the host, my local machine, "B".

BTW, I know my sshd is working, because I use it to connect to machine B
from work all the time, just ssh-ing to a terminal. I've also made sure
that sshd-config is set to allow tunnels (probably irrelevant, as I
think the permittunnel option applies to using the tun device, not
port-forward type "tunnels").

So I take machine A and connect to a wifi network, to tunnel in to B, as
follows:
ssh -L 10101:hostname:80 -p portnum user at hostname
where portnum is the port sshd is listening on, on host B

and I get logged in fine, I can use the command line, hostname looks
correct, etc.

When I fire up a web browser to connect to http://localhost:10101/, what
happens is I get the http auth dialog from the WRT's internal web server.
If I attempt to use http://localhost:10101/doku/ I get an error page
showing '400 bad request illegal filename'.

The thing that bugs me about this is if traffic is running encrypted over
an ssh tunnel, how the heck could the WRT be snarfing up the packets to
interpose itself?

I've used wireshark to try to see what's happening, and nothing reveals
itself. I don't see unencrypted http packets outbound from A. If I snoop
on eth0 and the loopback device on B, there's nothing to see, because
nothing is getting through. If I snoop on the ethernet device on A I see
the unencrypted traffic from the WRT.

I turned on logging on the WRT, and it showed no port access at all for
my ssh port.

The WRT54GL is running the factory software.
Machine A is LinuxMint11, OpenSSH 5.8
Machine B is Ubuntu 9.10, OpenSSH 5.1

I was hoping to find a sort of debug option for ssh that says, "do this
stuff, but use no encryption so I can see what's going on the wire", but
if that's an option, I can't find it. At any rate, I'm pretty sure
there's no ssh problems, since it works fine when I run it over the LAN.

Any thoughts?

Thanks,
jed



More information about the LUG mailing list