How can I convince the openssh server to perform remote forwarding? What could cause this failure? So clearly my configuration is being set correctly, but it seems that the client still thinks the server cannot do port forwarding. Indeed, running with ssh -ddd inside the docker container, then connecting with the line above shows first: debug3: /etc/ssh/sshd_config:91 setting GatewayPorts yesĭebug3: /etc/ssh/sshd_config:92 setting AllowTcpForwarding yesĭebug3: /etc/ssh/sshd_config:93 setting AllowStreamLocalForwarding yesĭebug3: /etc/ssh/sshd_config:94 setting PermitTunnel yesĭebug3: /etc/ssh/sshd_config:95 setting UsePrivilegeSeparation noįollowed by: debug1: server_input_global_request: rtype tcpip-forward want_reply 1ĭebug1: server_input_global_request: tcpip-forward listen localhost port 2024ĭebug1: server_input_global_request: rtype want_reply 0 However, my sshd_config seems to think it is: # tail /etc/ssh/sshd_config -n 5 Which sounds a lot like my sshd isn't setup to allow remote port forwarding. Warning: remote port forwarding failed for listen port 2024ĭebug1: All remote forwarding requests processed ĭebug1: Remote: Server has disabled port forwarding.ĭebug1: remote forward failure for: listen 2024, connect localhost:22 For debuggers that call back to the originating ip (such as php xdebug) this means docker cannot be used to debug anything. This is not the ip address of the actual machine that made the call.
I have installed and applying the following simple rule: iptables -A FORWARD -i eth1 -o eth0 -j. Youll see an ip in the logs with something like 172.17.0.1, take note of that. I need to forward traffic from eth1 to eth0. docker run -it -netnone -cap-addNETADMIN -name firewall ubuntu /bin/bash after I have attached it two interfaces eth0 and eth1. Connecting with ssh -vvv in the first step above gives. I have created a docker container executing the following command. This all works great when it's not dockerized, however when I tried to move this to a dockerized service, I found that my sshd server within the docker container stubbornly refuses to open remote port forwards. Next, I connect to the remote server on port 2024 so as to follow the tunnel back down and connect to localhost:22 on bob: ssh -p 2024 rver Example:įirewalled computer "Bob" connects to proxy server: ssh -R 2024:localhost:22 -N rver In essence, I have an SSH service listening inside of a docker container, that my other computers connect to, opening a reverse-SSH port forwarding, and then if I want to connect to a computer behind a firewall, I instead connect to my dockerized proxy server on the reverse port.
I'm trying to setup a docker container that I use to bypass firewalls/NAT's to allow SSH access to the computers behind these routing barriers.
0 kommentar(er)
