I wanted to give http access to my VoIP phone to users on remote LAN ... MyPhone --- MyFirewall ===== internet ====== RemoteFirewall --- LAN \___________________________________________________/ tunel I run this as noro@MyFirewall: ssh -R RemoteFirewallLanIP:12345:MyPhone:80 RemoteFirewall Now I check what's happened on RemoteFirewall: netstat -ln | grep 12345 and received this output: tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN ^^^^^^^^^^ but expected this: tcp 0 RemoteFirewallLanIP:12345 0.0.0.0:* LISTEN ^^^^^^^^^^ i.e. it look's like I run the command: ssh -R \*:12345:MyPhone:80 RemoteFirewall which is a bug Notes: - on both ends is kernel 2.6.16-gentoo-r6 and openssh-4.3_p2-r1 - if I allow input to port 12345 on public interface on Remote firewall, it's really possible to connect to the phone !!! - if GatewayPorts option is disabled (default), port binds only to localhost, which is correct
*** This bug has been marked as a duplicate of 133112 ***
.