[nSLUG] Open port on Ubuntu box
jonathan.anderson at ieee.org
Thu Jul 19 14:01:40 ADT 2007
Yeah, I use Ubuntu, and I can connect to any port I want. In fact,
running "iptables -L" modprobes ip_tables first, so iptables aren't even
running until I ask about them.
On July 19, 2007, Daniel Morrison wrote:
> On 18/07/07, sbo at eastlink.ca <sbo at eastlink.ca> wrote:
> > I have been trying to connect to an Ubuntu box through a given port
> > (let's take 10001 for example). I have not been able to do so, but I
> > can easily SSH into it and see what I need to see. I assume that the
> > firewall is not preventing me since I can get in through port 22.
> Poor assumption, but AFAIK Ubuntu does not implement strict firewall rules
> by default, so your assumption may be correct unless there's something
> you're not telling us about your installation.
> You haven't said that there is a service listening on port 10001, or even
> what type of service isn't listening on that port.
> And no one has addressed your question:
> > How can I open a port
> > through my SSH session (terminal session)? What is the appropriate set
> > of commands?
> Open a port through your ssh session? You must mean for listening? If
> not, then...
> If you've got an sshd on the server listening on a non-standard port, say
> because you've changed the 'Port' configured in /etc/ssh/sshd_config, or
> launched sshd with the '-p 10001' command line option, then you can
> connect to it from afar with the '-p' command line option to ssh:
> ssh -p 10001 my.server.com
> and for scp (note the capital -P):
> scp -P 10001 afile user@my.server.com:
> If you want your normal ssh session to listen on port 10001 (which is how
> I interpret your question), then -- well, first you have to bear in mind
> that ssh will listen, but only in order to forward somewhere else through
> the ssh connection. Somewhere, on some system, you need some server
> process listening.
> Let's say you're sitting on a gateway to a private network. Your remote
> Ubuntu machine is on the public Internet, and can't reach your private
> network, but you want someone to be able to connect to it on port 10001
> and reach a service inside your private network. If you ssh to your Ubuntu
> machine from your gateway, you can add the '-R' command line to tell it
> to start listening on port 10001 (on the 'R'emote Ubuntu machine). Anything
> connecting to that port on the remote system will get forwarded through
> your ssh session, and get sent to the location you specify -- say a web
> server on your private network, reachable only from the gateway you're
> sitting on.
> user@gateway~$ ssh -R 10001:private.web.server:80 user@remote.ubuntu.org
> So now someone on remote.ubuntu.org could connect to tcp port 10001 on the
> localhost, and wind up talking, through your ssh connection, to
> private.web.server port 80. From the web server's point of view, the
> connection appears to originate from the gateway.
> Caveat: forwarding remote ports works only for people connecting to
> localhost. If you really want to make it work for _everybody_ on the big
> bad Internet, do this:
> user@gateway~$ ssh -R :10001:private.web.server:80 user@remote.ubuntu.org
> Or you can enable the 'GatewayPorts' option. Read the ssh(1) man page
> under the '-R' option, and sshd_config(5) man page for details.
> You can do the same thing in reverse (listen, and forward from a port on
> the local system to a destination reachable by the remote system) by using
> the '-L' (local port forward option). This makes sense if your remote
> Ubuntu system is a gateway to a private network, and you want to reach
> inside that private network from where you are on the public internet.
> Other than reversing the direction of travel, it works exactly the same
> way. But since you're asking about listening on a remote machine, I think
> it's the '-R' you want.
> Finally you imply in your question that you want to start listening after
> your ssh session is already established. No problem:
> user@gateway~$ ssh user@remote.ubuntu.org
> user@remote~$ ~C
> ssh> -R 10001:private.web.server:80
> Forwarding port.
> user@remote~$ telnet localhost 10001
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> I hope this was at least interesting, even if it missed the mark answering
> your question. You might try being a bit more specific about what it is
> you're trying to do...
jonathan.anderson at ieee.org
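
A check for two points raised in this thread, as an added example that is not part of the original messages: whether anything is listening on a port at all, and whether that listener is loopback-only (the default for `ssh -R`) or reachable from other hosts. It assumes the iproute2 `ss -tln` output layout; `listen_scope` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# listen_scope PORT: reads `ss -tln` output on stdin and prints
#   none      nothing is listening on PORT
#   loopback  every listener on PORT is bound to 127.0.0.0/8 or ::1
#   exposed   at least one listener on PORT is bound to a non-loopback address
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "exposed"              # 0.0.0.0, ::, * or a real address
            }
        }
        END { print (scope == "" ? "none" : scope) }
    '
}

# Constructed sample: sshd on 22 plus a default `-R 10001:...` forward.
sample_default() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
LISTEN  0       128         127.0.0.1:10001       0.0.0.0:*
LISTEN  0       128             [::1]:10001          [::]:*
EOF
}

# Constructed sample: the same forward requested as `-R :10001:...`
# on a server that permits non-loopback binds (GatewayPorts).
sample_gateway() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
LISTEN  0       128           0.0.0.0:10001       0.0.0.0:*
LISTEN  0       128              [::]:10001          [::]:*
EOF
}

echo "default -R forward:   $(sample_default | listen_scope 10001)"
echo "GatewayPorts forward: $(sample_gateway | listen_scope 10001)"
echo "unused port 8080:     $(sample_default | listen_scope 8080)"
```

On a live system, run `ss -tln | listen_scope 10001` on the machine that holds the listening end of the forward.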