[nSLUG] Open port on Ubuntu box

Jonathan Anderson jonathan.anderson at ieee.org
Thu Jul 19 14:01:40 ADT 2007


Yeah, I use Ubuntu, and I can connect to any port I want. In fact, 
running "iptables -L" modprobes ip_tables first, so iptables aren't even 
running until I ask about them.


#!/jon

On July 19, 2007, Daniel Morrison wrote:
> On 18/07/07, sbo at eastlink.ca <sbo at eastlink.ca> wrote:
> > I have been trying to connect to an Ubuntu box through a given port
> > (let's take 10001  for example).  I have not been able to do so, but I
> > can easily SSH into it and see what I need to see.  I assume that the
> > firewall is not preventing me since I can get in through port 22.
>
> Poor assumption, but AFAIK Ubuntu does not implement strict firewall rules
> by default, so your assumption may be correct unless there's something
> you're not telling us about your installation.
>
> You haven't said that there is a service listening on port 10001, or even
> what type of service isn't listening on that port.
>
> And no one has addressed your question:
> > How can I open a port
> > through my SSH session (terminal session)?  What is the appropriate set
> > of commands?
>
> Open a port through your ssh session?  You must mean for listening?  If
> not, then...
>
> If you've got an sshd on the server listening on a non-standard port, say
> because you've changed the 'Port' configured in /etc/ssh/sshd_config, or
> launched sshd with the '-p 10001' command line option, then you can
> connect to it from afar with the '-p' command line option to ssh:
>
>    ssh -p 10001 my.server.com
>
> and for scp (note the capital -P):
>
>    scp -P 10001 afile user@my.server.com:
>
> If you want your normal ssh session to listen on port 10001 (which is how
> I interpret your question), then -- well, first you have to bear in mind
> that ssh will listen, but only in order to forward somewhere else through
> the ssh connection.  Somewhere, on some system, you need some server
> process listening.
>
> Let's say you're sitting on a gateway to a private network. Your remote
> Ubuntu machine is on the public Internet, and can't reach your private
> network, but you want someone to be able to connect to it on port 10001
> and reach a service inside your private network. If you ssh to your ubuntu
> machine from your gateway, you can add the '-R' command line option to tell
> it to start listening on port 10001 (on the 'R'emote ubuntu machine).  Anything
> connecting to that port on the remote system will get forwarded through
> your ssh session, and get sent to the location you specify -- say a web
> server on your private network, reachable only from the gateway you're
> sitting on.
>
> user@gateway~$ ssh -R 10001:private.web.server:80 user@remote.ubuntu.org
>
> So now someone on remote.ubuntu.org could connect to tcp port 10001 on the
> localhost, and wind up talking, through your ssh connection, to
> private.web.server port 80.  From the web server's point of view, the
> connection appears to originate from the gateway.
>
> Caveat: forwarding remote ports works only for people connecting to
> localhost.  If you really want to make it work for _everybody_ on the big
> bad Internet, do this:
>
> user@gateway~$ ssh -R :10001:private.web.server:80 user@remote.ubuntu.org
>
> Or you can enable the 'GatewayPorts' option. Read the ssh(1) man page
> under the '-R' option, and sshd_config(5) man page for details.
>
> You can do the same thing in reverse (listen, and forward from a port on
> the local system to a destination reachable by the remote system) by using
> the '-L' (local port forward option).  This makes sense if your remote
> Ubuntu system is a gateway to a private network, and you want to reach
> inside that private network from where you are on the public internet.
> Other than reversing the direction of travel, it works exactly the same
> way.  But since you're asking about listening on a remote machine, I think
> it's the '-R' you want.
>
> Finally you imply in your question that you want to start listening after
> your ssh session is already established.  No problem:
>
> user@gateway~$ ssh user@remote.ubuntu.org
> user@remote~$ ~C
> ssh> -R 10001:private.web.server:80
> Forwarding port.
>
> user@remote~$ telnet localhost 10001
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
>
>
> I hope this was at least interesting, even if it missed the mark answering
> your question.  You might try being a bit more specific about what it is
> you're trying to do...
>
> -D.



-- 
Jonathan Anderson

jonathan.anderson at ieee.org
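
As an added example (not part of the original thread), the script below shows how the server's GatewayPorts setting, as documented in sshd_config(5), decides whether an 'ssh -R' listener like the port 10001 forward discussed above is reachable only from localhost or from other hosts. The function names, the "-" marker and the sample config are constructed for illustration; on a live host, 'sshd -T' reports the effective value, including Match blocks.

```shell
#!/bin/sh
# Added example: how sshd's GatewayPorts setting decides where an
# 'ssh -R' listener binds (semantics per sshd_config(5)).

# gateway_ports FILE: print the global GatewayPorts value of an
# sshd_config-style file. Keywords are case-insensitive, the first value
# wins, and parsing stops at the first Match block. Default is "no".
gateway_ports() {
    awk '
        { gsub(/=/, " ") }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { v = tolower($2); exit }
        END { print (v == "" ? "no" : v) }
    ' "$1"
}

# effective_bind MODE REQ: where the listener ends up. REQ is the
# bind_address given to -R: "" or "*" asks for all interfaces, "-" means
# none was given (hypothetical marker used only by this example).
effective_bind() {
    case $1 in
        yes) echo all-interfaces ;;
        clientspecified)
            case $2 in
                ""|"*") echo all-interfaces ;;
                -|localhost|127.0.0.1) echo loopback ;;
                *) echo "$2" ;;
            esac ;;
        *) echo loopback ;;
    esac
}

# audit FILE REQ: combine both for one requested forward.
audit() {
    effective_bind "$(gateway_ports "$1")" "$2"
}

# Constructed sample config, not taken from any real host.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' \
    'gatewayports clientspecified' 'GatewayPorts no' > "$sample"
echo "-R 10001:...  -> $(audit "$sample" -)"
echo "-R :10001:... -> $(audit "$sample" "")"
rm -f "$sample"
```

A result of "all-interfaces" means the forwarded port should be treated like any other Internet-facing listener on that host and covered by its firewall rules.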