I wanted to give HTTP access to my VoIP phone to users on a remote LAN ...

    MyPhone --- MyFirewall ===== internet ====== RemoteFirewall --- LAN
                    \___________________________________________/
                                      tunnel

I run this as noro@MyFirewall:

    ssh -R RemoteFirewallLanIP:12345:MyPhone:80 RemoteFirewall

Now I check what's happened on RemoteFirewall:

    netstat -ln | grep 12345

and received this output:

    tcp        0      0 0.0.0.0:12345             0.0.0.0:*               LISTEN
                        ^^^^^^^^^^

but expected this:

    tcp        0      0 RemoteFirewallLanIP:12345 0.0.0.0:*               LISTEN
                        ^^^^^^^^^^

i.e. it looks like I ran the command:

    ssh -R \*:12345:MyPhone:80 RemoteFirewall

which is a bug.

Notes:
- on both ends is kernel 2.6.16-gentoo-r6 and openssh-4.3_p2-r1
- if I allow input to port 12345 on the public interface on RemoteFirewall, it's really possible to connect to the phone !!!
- if the GatewayPorts option is disabled (default), the port binds only to localhost, which is correct
> if the GatewayPorts option is disabled (default), the port binds only to localhost,

I'd suggest reading the fine manual: man 5 sshd_config

<snip>
     GatewayPorts
             Specifies whether remote hosts are allowed to connect to ports
             forwarded for the client.  By default, sshd binds remote port
             forwardings to the loopback address.  This prevents other remote
             hosts from connecting to forwarded ports.  GatewayPorts can be
             used to specify that sshd should allow remote port forwardings to
             bind to non-loopback addresses, thus allowing other hosts to
             connect.  The argument may be ``no'' to force remote port
             forwardings to be available to the local host only, ``yes'' to
             force remote port forwardings to bind to the wildcard address, or
             ``clientspecified'' to allow the client to select the address to
             which the forwarding is bound.  The default is ``no''.
</snip>

So - where exactly is the bug?
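As an added illustration (not part of the bug report, nor OpenSSH's own code), here is the sshd_config(5) rule quoted above together with the reporter's netstat check, in POSIX sh. expected_bind() maps a GatewayPorts setting plus the bind_address given to `ssh -R` to the address sshd will actually bind; check_listener() scans a `netstat -ln` listing for the forwarded port and reports whether it is bound where expected. The listing is a constructed sample matching the report, and 192.168.1.1 is an assumed stand-in for RemoteFirewallLanIP.

```shell
#!/bin/sh
# Added example: model sshd's GatewayPorts handling and audit a netstat listing.
# Not from the bug report or from OpenSSH; 192.168.1.1 is a placeholder LAN IP.

# expected_bind GATEWAYPORTS [BIND_ADDRESS]
# Prints the address sshd binds a -R forwarding to, per sshd_config(5):
#   no              -> loopback, whatever the client asked for (the default)
#   yes             -> wildcard, whatever the client asked for
#   clientspecified -> the client's bind_address; omitted means loopback,
#                      "" or "*" means all interfaces (see ssh(1) -R)
expected_bind() {
  gp=$1
  case "$gp" in
    no|"") echo 127.0.0.1 ;;
    yes)   echo 0.0.0.0 ;;
    clientspecified)
      if [ $# -lt 2 ]; then
        echo 127.0.0.1                 # no bind_address on the -R option
      else
        case "$2" in
          ""|"*")    echo 0.0.0.0 ;;   # explicit wildcard request
          localhost) echo 127.0.0.1 ;;
          *)         echo "$2" ;;      # client chooses the interface
        esac
      fi ;;
    *) echo "unknown GatewayPorts value: $gp" >&2; return 1 ;;
  esac
}

# check_listener PORT EXPECTED_ADDR NETSTAT_OUTPUT
# Finds the TCP listener on PORT in a `netstat -ln` listing and prints
# "ok", "wrong-bind:<addr>" or "missing"; exit status is 0 only for "ok".
check_listener() {
  port=$1; want=$2; listing=$3
  found=$(printf '%s\n' "$listing" |
    awk -v p="$port" '$1=="tcp" && $NF=="LISTEN" {
      addr=$4
      if (sub(":" p "$", "", addr)) print addr   # strip ":PORT" from Local Address
    }' | head -n 1)
  if [ -z "$found" ]; then
    echo missing; return 1
  fi
  if [ "$found" = "$want" ]; then
    echo ok; return 0
  fi
  echo "wrong-bind:$found"; return 1
}

# Constructed sample, shaped like the output in the report.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# The report's situation: GatewayPorts yes on RemoteFirewall, client asked for
# the LAN address. sshd binds the wildcard, as documented, so this is "ok".
want=$(expected_bind yes 192.168.1.1)
echo "GatewayPorts yes -> binds $want: $(check_listener 12345 "$want" "$NETSTAT_SAMPLE" || :)"

# What the reporter wanted needs GatewayPorts clientspecified; against the
# same listing the audit now flags the wildcard bind.
want=$(expected_bind clientspecified 192.168.1.1)
echo "GatewayPorts clientspecified -> expects $want: $(check_listener 12345 "$want" "$NETSTAT_SAMPLE" || :)"
```

Run it on a real host by replacing NETSTAT_SAMPLE with `$(netstat -ln)` and the expected address with the one set in the -R option; a "wrong-bind:0.0.0.0" result is exactly the case where a host firewall rule on the public interface is the only thing keeping the forwarded service private.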
*** Bug 133115 has been marked as a duplicate of this bug. ***
*** Bug 133116 has been marked as a duplicate of this bug. ***
Reopen to redupe.
*** This bug has been marked as a duplicate of 133115 ***
.