login about faq

Does Tectia Server have a GatewayPorts setting like sshd? I want to expose some forwarded ports externally.

From the sshd man page...

         Specifies whether remote hosts are allowed to connect to ports 
         forwarded for the client.  By default, sshd(8) binds remote port
         forwardings to the loopback address.  This prevents other remote
         hosts from connecting to forwarded ports.  GatewayPorts can be
         used to specify that sshd should allow remote port forwardings to
         bind to non-loopback addresses, thus allowing other hosts to con-
         nect.  The argument may be "no" to force remote port forward-
         ings to be available to the local host only, "yes" to force
         remote port forwardings to bind to the wildcard address, or
         "clientspecified" to allow the client to   select the address to
         which the forwarding is bound.  The default is "no"

I'm trying to accomplish the above, but need some guidance with the correct settings.

asked Jul 28 '15 at 05:05

Matt's gravatar image


edited Jul 29 '15 at 04:54

The solution here is two fold.

1) On the remote client you have to specify the IP you want to want to bind if you omit this, regardless of what you have in the server config, the reverse tunnel command will always attempt to bind using localhost.

This client is making a reverse connection to the server in this case the servers public IP is 222.333.444.555 because no bind ip is specified, this command will always bind to localhost.

ssh -gfnNT -R 61122:localhost:22 RemoteClient@222.333.444.555

The above command will always bind to localhost on the server. The solution is this example... Here we are telling the client to bind to the servers local IP which is

ssh -gfnNT -R RemoteClient@222.333.444.555

2) On the server in config xml you can use the tunnel-remote rule to set the listen address and port.

  <tunnel-remote action="allow">
  <listen address="" port="61122" />

alternatively you can set tunnel-remote to accept anything

  <tunnel-remote action="allow" />

or you can set tunnel-remote to accept a port range

  <tunnel-remote action="allow">
  <listen port="61122-61199" />

Now employees in the same network as the ssh server can connect to the remote client using the ssh servers local IP like so

ssh RemoteClientsUserAccount@ -p 61122

answered Aug 12 '15 at 23:07

Matt's gravatar image


Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Jul 28 '15 at 05:05

Seen: 6,046 times

Last updated: Aug 12 '15 at 23:07

Related questions

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.