1

How to forward a server socket to a (possibly ssh) client

view story
linux-howto

http://serverfault.com – I'm wondering if/how I can realize the following setup. It doesn't seem to fit the standard ssh port forwarding model. I have a client machine A. I have a server application running on machine A, which listens on port X. However, machine A is behind a common IP-address (shared by many users) so it can't receive incoming connections to port X from the internet. However, I have access to a machine, B, in Amazon EC2 and it would be OK connections would go through that machine. It's not possible to move the application to this machine in EC2. Hence, what I want, is to have machine B listen on po (HowTos)

dayu's picture
Submitted by dayu on 01/06/2013

Stories similar to How to forward a server socket to a (possibly ssh) client

Lets say there is Machine A (Ubuntu) in Network A and Machine B in Network B. There is also Machine C (Windows 7) in Network B and I can access it through RDP from Machine A. What I need is to be able to reach Machine B from Machine A (i.e. can ping it, connect to arbitrary port, etc). How can I manage something like this?

PS: Network B is a dmz, i.e.

Hello,

I've run into a bit of a puzzle and haven't had much luck finding a solution. Right now I am (sadly) connected to the net via Verizon 3G.

Port forward to VPN Client? 26 weeks 4 days ago

I've run into a bit of a puzzle and haven't had much luck finding a solution. Right now I am (sadly) connected to the net via Verizon 3G. They filter all incoming traffic so it is impossible for me to open ports to accept connections.

I currently have a linux virtual machine at linode.com, and the thought crossed my mind to install pptpd and attempt to do some iptables port forwarding.

Till recently, I assumed that Microsoft NLB worked at an OS/Machine level rather than an Application Level. i.e. the NLB just monitors heartbeats on the machine to check if machine is alive and then switches off a particular node if it's gone down.

However, I found this comment on a server fault question which claims differently.

I have a web server running on port 8080. I'd like to visit it via port 80, so I did this:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080

it works if i access the server from other machines using

http://ipoftheserver/

but it doesn't work if I access the server from the same machine using

http://localhost/

why is that?

thanks in advance.

I am using SSH to forward a port on a remote machine (Client) to another machine (Server) using (~/.ssh/config)

Host Client:

Hostname {ip} ... RemoteForward localhost:{port} localhost:{port}

The problem is that even when there is not one listening on the Server, the client can connect successfully to localhost:port.

I have a python application listening on port 9001 for HTTP traffic.

I'm trying to configure Apache (or anything, really) to listen on port 443 for HTTPS connections, and then forward the connection, sans encryption, to port 9001 on the same machine.

Here's my scenario:

Setup

There are 3 machines:

A: on the internet : has ip (a.a.a.a), has port pa open

B: my server / gateway : has ip (b.b.b.b), has port pb open

C: on the internet : has ip (c.c.c.c), has port pc open

Constraints

The owner of machine A offers a service via port pa that must be accessed on machine C via port pc.

Is it true to say:

A) OUTPUT chain is for the packets that are "generated" by the machine itself i.e. OUTPUT chain affects connect() function.

B) INPUT chain is for packets that are "addressed to" and will end at the machine i.e INPUT chain affects bind() and listen() functions.

If yes, why would you want to control these features on a firewall?