ssh tunnel doesn't work - ssh

Even though tunnelling using ssh is a well discussed topic in internet, I couldn't make my setup proper. This is what the problem statement I have
-> I have two servers A and B.
-> I am trying to create a tunnel from A to B
-> In B I have echo server which is listening on port 34567
-> In A I have executed the command ssh -L 4444:10.106.251.90:34567 127.0.0.1
-> Netstat shows as follows
~ # netstat -na | grep 4444
tcp 0 0 127.0.0.1:4444 0.0.0.0:* LISTEN
tcp 0 0 ::1:4444 :::* LISTEN
-> In B I tried to check netstat -na | grep 4444 but there was no reference of it
-> In A I have echo client which writes into 127.0.0.1:4444
-> If I execute client in A, it doesn't forward. Instead it gives some 0 length string always
Is there any thing that I am missing here ?
Thanks
~S

Try using
ssh -L 4444:127.0.0.1:34567 user#10.106.251.90
This will open port 4444 on your local machine, forwarding packets to port 34567 of the remote machine.
# using on local
telnet 127.0.0.1 4444
# is the same as
# on remote
telnet 127.0.0.1 34567

Related

Create a SSH tunnel from a Jump host to a Database and access the database on Jump Host Port

I am trying to create a SSH tunnel between a database running server port and another server as the following.
MySQL:3306 <=====> Server-A:3306
And I want to use the Server-A:3306 as the database URI to connect to the database.
I am running the following on ServerA
ssh -f -N -i ~/keys/test.pem foo#foo.storesandbox.com -L5001:127.0.0.1:2001
I can see that the tunnel is up and running. But when I use the public IP of Server-A and try to connect to the database, It does not work.
If I create another tunnel between between Server-A and where I run the MySQL client. then it works. But I don't want to do that.
What can be the reason for this issue. I am fairly new to scripting
by default local side (ssh client) creates listening port at loopback interface with address 127.0.0.1 when you use command like this
ssh me#server -L3306:localhost:3306
if you check netstat on your host you will see something like this
sudo netstat -ntlp | grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 12354/ssh
So applications at your local node can connect to such mapped service because loopback interface is visible to host itself but external nodes have no access to this virtual interface so can't make any connections to any service(port) which is listening on this single interface.
To instruct local ssh client to share such mapped port to the world you need to instruct it to bind to either all interfaces (including loopback) or to specific interface only
# here you explicitly tell ssh client to accept connection to your tunnel
# from any client(i.e. bind listenning port to all interfaces)
ssh me#server -L0.0.0.0:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
#here you do the same thing by using -g option
ssh me#server -g -L3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 12354/ssh
#and here is an example of how to bind to specific interfaces only
# 10.0.0.12 is an IP of one of interfaces on your node
# 10.1.0.156 is also IP address of one interfaces of your node
ssh me#server -L10.0.0.12:3306:localhost:3306 -L10.1.0.156:3306:localhost:3306
sudo netstat -ntlp | grep 3306
tcp 0 0 10.0.0.12:3306 0.0.0.0:* LISTEN 12354/ssh
tcp 0 0 10.1.0.156:3306 0.0.0.0:* LISTEN 12354/ssh

Why isn't netcat udp message being recieved by netcat listener?

I have netcat listening for udp traffic on port 8125 in terminal 1
nc -ul 8125
and in terminal 2 I run the following (a test dogstatsd message for troubleshooting a datadog client connection):
echo "test_metric:1|c" | nc -u -w 1 -v localhost 8125
#found 0 associations
#found 1 connections:
# 1: flags=82<CONNECTED,PREFERRED>
# outif lo0
# src ::1 port 50397
# dst ::1 port 8125
# rank info not available
#Connection to localhost port 8125 [udp/*] succeeded!
I would expect to see test_metric:1|c show up in the output of terminal 1, but there is no output at all.
Can you help me understand why the udp message is not showing up and how to successfully send the udp message?
I still don't know why it makes a difference, but adding the -4 option made it work
echo "test_metric:1|c" | nc -u -4 -w 1 localhost 8125
Here's the man page on the option:
-4 Forces nc to use IPv4 addresses only.

Cant acces rabbitmq through the web interface?

I just installed rabbitmq on a 14 ubuntu, adjusted the hostname in the /etc/hosts files, in the following format 127.0.0.1 hostname.
I can see the web console with curl localhost:15672, but when I try to access it with the browser, it just won't open?
I can see the port with netstat:
netstat -nptl | grep 15672
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 29997/beam
But I can't see it with nmap:
nmap -sT -O localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2017-09-16 19:52 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00022s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
I also enabled the web interface in rabbitmq, made the user and all that, but when I try to access it through the browser http:/my-ip-address:15672(5672), the web page just times out?
Tnx,
Tom

shutdown system saftly glassfish and apache

I have two server glassfish and apache, when maintaining the sysytem i want to make sur that i have no connecting client, or stop receiving new clients and wait for the current clients until they finish theire tasks then shutdown the system. how can i do this from linux servers ?
I used netstat -nap | grep :80 but since i have actife connection between glassfish and apache i dont know how to determine the exact number of connected clients.
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1825/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1703/httpd
I assume apache listens on port 80 and glassfish on port 8080. You can go with your command or you can use this:
netstat -nat | grep :80 | grep EST
That will output the established connections on port 80 and port 8080 (if there are any).
If you want real-time stats you could use this:
netstat -ntapc | grep :80 | grep EST
-c reloads the output every second

Putting a port in a remote server SSH tunneling

I need to know if is possible to put a local port in a remote machine via ssh tunneling
Example
Machine A: port 80
Machine B: Nothing
Inside Machine A (important, because A can see B, but B can't see A)
A> ssh -f -N -? 80:B:8585 user#B
result
Machine A: port 80
Machine B: port 8585 (really A:80)
Thanks in Advance
You need the -R switch
ssh -f -N -R 8585:localhost:80 user#B
localhost is from A's perspective, so it means to forward port 8585 on B to port 80 on A.
See also the RemoteForward setting in your ~/.ssh/config.