New Here are some things to check.
In order for the tunnel setup to succeed you must be allowed to connect via ssh as "-p $XXXX $user@$IP", just as if you had attempted to use ssh to set up a terminal session.

Also, make sure that your local port is not a Priv'd port (<1024) as only root can do those. The tendency of you to try $YYYY being 3128 would be an obvious choice, nope, use something else. It is common for ssh to lose track if both ends are the same port. Making it 13128, would be better.

And check to see what the other end reported in the logs to see what failed, as there WILL be something in either syslog or messages or secure or all three.

Make sure you haven't disallowed port forwarding on the remote end.

With -L sometimes you need to specify the actual address of the local interface, not always, depends on something. In any case use

ssh -p $XXXX -L 127.0.0.1:$YYYY:$IP:3128 $user@$IP

Also, one thing to check, can you do X forwarding from the remote machine period? (ssh -X $user@$IP) then run something like xterm or an applet or something.

And -R is the wrong way for port forwarding. That gets the remote side to channel traffic to the port on the remote side to the local machine. Won't work unless you are trying to get some at work working from a machine at home. So, if you were running a DB locally you'd like the remote machine to connect to it... etc.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Edited by folkert Aug. 2, 2005, 09:37:17 AM EDT
New I've done most of that.
I can ssh. Check.

The local port is not privileged. Check.

The local port differs from the remote. Check.

I have not been able to find anything in the logs about my problem either locally or remotely. I can only find the message in auth.log about my successfully connecting. The remote configuration says for logging:
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    #obsoletes QuietMode and FascistLogging

It may be that I need to change something there.

There is nothing at the remote end about port forwarding other than that X11 is allowed. However when I tried to do X11 forwarding I got a message about not being allowed to write to my .Xauthority file. When I change permissions on it I can't lock it. (Probably because I'm running X on that machine already...) But I don't think that is a sign that ssh is disallowing port forwarding. Are there any configuration variables that I should be looking for or setting?

From the documentation I thought that -R was the wrong way around. I just tried that as an experiment when -L kept on failing for me.

What else should I check?

Thanks,
Ben



I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
New The problem has been narrowed down...
In jabber we figured out that my loopback interface is running but has no address. I can't ping localhost. That makes it hard for ssh to use loopback if loopback fails. Here is ifconfig:
    lo        Link encap:Local Loopback
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:10494 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10494 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:3362754 (3.2 MiB)  TX bytes:3362754 (3.2 MiB)

Here is /etc/network/interfaces:
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # This is a list of hotpluggable network interfaces.
    # They will be activated automatically by the hotplug subsystem.
    mapping hotplug
            script grep
            map eth0

    # The primary network interface
    iface eth0 inet dhcp

This is a very recent (version 5.04 rings a bell with me) version of Ubuntu.

Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
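
A preflight for the checks discussed in this thread (unprivileged local port, forwarding not disabled in the remote sshd_config, loopback holding an IPv4 address), added here as an example and not code posted by any participant. AllowTcpForwarding and PermitOpen are the sshd_config directives that govern -L; the function names and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: local checks before `ssh -p $XXXX -L 127.0.0.1:$YYYY:$IP:3128 $user@$IP`.
# Function names and the sample inputs below are constructed for illustration.

# Succeeds if $1 is a port a non-root user can bind (1024-65535).
port_is_unprivileged() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Reads sshd_config text on stdin and prints the directives that can stop -L.
# AllowTcpForwarding defaults to yes; "no" and "remote" refuse local forwards.
# PermitOpen limits the host:port targets a forward may reach ("any" = no limit).
forwarding_blockers() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "allowtcpforwarding" && tolower($2) ~ /^(no|remote)$/ { print $1, $2 }
        key == "permitopen" && tolower($2) != "any" { print $1, $2 }
    '
}

# Reads `ifconfig lo` output on stdin; succeeds if loopback has an IPv4 address.
# "inet6 addr: ::1/128" alone does not count: 127.0.0.1 has nothing to bind to.
loopback_has_ipv4() {
    grep -Eq 'inet (addr:)?127\.'
}

# $1 = local port, $2 = remote sshd_config text, $3 = local `ifconfig lo` text
preflight() {
    rc=0
    port_is_unprivileged "$1" || { echo "port $1: privileged or invalid"; rc=1; }
    blockers=$(printf '%s\n' "$2" | forwarding_blockers)
    [ -z "$blockers" ] || { echo "sshd_config restricts forwarding: $blockers"; rc=1; }
    printf '%s\n' "$3" | loopback_has_ipv4 || { echo "lo has no IPv4 address"; rc=1; }
    return "$rc"
}

# Constructed sample: loopback with only an IPv6 address, as in the ifconfig above.
SAMPLE_LO='lo        Link encap:Local Loopback
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'
# Constructed sample: a remote sshd_config that refuses forwarding.
SAMPLE_SSHD='SyslogFacility AUTH
LogLevel INFO
AllowTcpForwarding no
X11Forwarding yes'

preflight 13128 "$SAMPLE_SSHD" "$SAMPLE_LO" || echo "fix the items above, then retry the tunnel"
```

In real use, feed `preflight` the remote host's `/etc/ssh/sshd_config` contents and the local `ifconfig lo` output in place of the samples.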
New Another small step
loopback gets messed up when I run dhconfig. But I can unmess it up (at least somewhat) by running /etc/init.d/networking restart.

I can ping localhost and get a response. I can telnet the port on my end and connect to something. However anything I try to send/receive over that port goes into a black hole. :-(

Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
New hmm....
How about writing a script that redoes 127.0.0.1 and sets up the ssh tunnel at the same time.

I'll work on this as soon as I can.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
New No need now
I can avoid that annoyance with "dhclient ath0".

I got the whole thing to work just fine once I used a co-worker's home machine for the tunnel. (That is how I'm posting now.) And in a day or so I'll be on the plane back. This doesn't come up very often, I'll deal with it when it does.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
     ssh tunnel to squid proxy is failing - (ben_tilly) - (8)
         telnet $farendhost 3128 and see if something else has it -NT - (boxley) - (1)
             Reading it wrong Box. - (folkert)
         Here are some things to check. - (folkert) - (5)
             I've done most of that. - (ben_tilly) - (4)
                 The problem has been narrowed down... - (ben_tilly) - (3)
                     Another small step - (ben_tilly) - (2)
                         hmm.... - (folkert) - (1)
                             No need now - (ben_tilly)
