Home » Forums » Mac OS X Products » Meerkat

Forwarding Local Network Service to Internet Server

6 replies [Last post]
February 16, 2010
ElBarteros
Offline
Joined: 02/16/2010

Hello,

i need a little help with my setup.

I want to forwarding a service in my local network (192.168.1.3:80) to my internet server via meerkat.

Setup:
I Want to Reach: 192.168.1.3
Port: 80
As If Were On: This Mac
Available At: InternetServer
Port: 8080

When i try to launch the webbrowser on my internet-server with: http://127.0.0.1:8080 the page cannot be displayed.

The same setup with a windows pc work perfect. (Remote: 8080:192.168.1.3:80).

Is in meerkat a limitation?

5
Average: 5 (1 vote)
Top
February 16, 2010
#1
Justin
Justin's picture
Offline
Joined: 05/28/2008
Everything you've mentioned

Everything you've mentioned sounds like it should work. At this point, I would recommend that you right-click the tunnel in Meerkat, select "Copy Command", and paste the resulting command into Terminal to try.

Just to clarify, when you are tunneling from Windows, you are still accessing the LAN service on the remote server via 127.0.0.1? Or a public IP?

Also, not that it should matter, but what kind of server is the endpoint (where you're setting up 8080)?

Top
February 17, 2010
#2
ElBarteros
Offline
Joined: 02/16/2010
Thx for you answer. And sorry

Thx for you answer. And sorry for my bad english.

The endpoint is a windows server 2003 with freeSSHd.

The Terminal output:
~ MyMac$ /usr/bin/ssh -p 2222 -l megara -N -o ConnectTimeout=5 -o TCPKeepAlive=yes -o NumberOfPasswordPrompts=1 -o ControlMaster=no -o PreferredAuthentications=password,keyboard-interactive -R 8080:192.168.1.3:80 xx.xx.xx.xx
user@xx.xx.xx.xx's password:
Warning: remote port forwarding failed for listen port 8080

But why does that fails?

Then from my mac with parallels desktop Windows with MyEnTunnel & plink.exe:

[19:11:25 02/17] Launching: plink.exe xx.xx.xx.xx -N -ssh -2 -P 2222 -l "user" -R 8080:192.168.1.3:80 -v
[19:11:25 02/17] Launching executable
[19:11:25 02/17] plink.exe: Looking up host "xx.xx.xx.xx"
[19:11:25 02/17] plink.exe: Connecting to xx.xx.xx.xx port 2222
[19:11:25 02/17] plink.exe: Server version: SSH-2.0-WeOnlyDo 2.1.3
[19:11:25 02/17] plink.exe: We claim version: SSH-2.0-PuTTY_Release_0.60
[19:11:25 02/17] plink.exe: Using SSH protocol version 2
[19:11:25 02/17] plink.exe: Using Diffie-Hellman with standard group "group14"
[19:11:25 02/17] plink.exe: Doing Diffie-Hellman key exchange with hash SHA-1
[19:11:26 02/17] plink.exe: Host key fingerprint is:
[19:11:26 02/17] plink.exe: ssh-rsa 1024 c4:44:d4:6c:cd:22:d4:9f:8c:35:e3:8b:c7:43:77:fa
[19:11:26 02/17] plink.exe: Initialised AES-256 CBC client->server encryption
[19:11:26 02/17] plink.exe: Initialised HMAC-SHA1 client->server MAC algorithm
[19:11:26 02/17] plink.exe: Initialised AES-256 CBC server->client encryption
[19:11:26 02/17] plink.exe: Initialised HMAC-SHA1 server->client MAC algorithm
[19:11:26 02/17] plink.exe: megara@83.169.11.10's password:
[19:11:26 02/17] Sending password
[19:11:26 02/17] plink.exe: Using username "user".
[19:11:26 02/17] plink.exe: Sent password
[19:11:26 02/17] plink.exe: Access granted
[19:11:26 02/17] plink.exe: Requesting remote port 8080 forward to 192.168.1.3:80
[19:11:26 02/17] plink.exe: Remote port forwarding from 8080 enabled
[19:11:36 02/17] Connection is stable

Top
February 17, 2010
#3
Justin
Justin's picture
Offline
Joined: 05/28/2008
Hmm, not sure right off why

Hmm, not sure right off why it is failing. But it's definitely the SSH under Meerkat that's doing it.

Can you try adding -v, then -vv, then -vvv, etc., to the command line try? That will provide more info, like the Windows desktop is.

If you feel more comfortable, feel free to email me instead to work through these issues as they seem specific to your server.

Top
February 18, 2010
#4
ElBarteros
Offline
Joined: 02/16/2010
i have tried lots of other

i have tried lots of other port instead 8080 but nothing works.

Here is the long log with -vvv:

imac-2:~ MyMac$ /usr/bin/ssh -p 2222 -l megara -N -o ConnectTimeout=5 -o TCPKeepAlive=yes -o NumberOfPasswordPrompts=1 -o ControlMaster=no -o PreferredAuthentications=password,keyboard-interactive -R 8080:192.168.1.3:xx.xx.xx.xx -vvv
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 2222.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 4966 ms remain after connect
debug1: identity file /Users/MyMac/.ssh/identity type -1
debug1: identity file /Users/MyMac.ssh/id_rsa type -1
debug1: identity file /Users/MyMac/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.1.3
debug1: no match: WeOnlyDo 2.1.3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,none
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,none
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 141/256
debug2: bits set: 1048/2048
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: put_host_port: [xx.xx.xx.xx]:2222
debug3: put_host_port: [xx.xx.xx.xx]:2222
debug3: check_host_in_hostfile: filename /Users/MyMac/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /Users/MyMac/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: filename /Users/MyMac/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'xx.xx.xx.xx' is known and matches the RSA host key.
debug1: Found key in /Users/MyMac/.ssh/known_hosts:2
debug1: found matching key w/out port
debug2: bits set: 1031/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/MyMac/.ssh/identity (0x0)
debug2: key: /Users/MyMac/.ssh/id_rsa (0x0)
debug2: key: /Users/MyMac/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: password,publickey
debug3: start over, passed a different list password,publickey
debug3: preferred password,keyboard-interactive
debug3: authmethod_lookup password
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
megara@xx.xx.xx.xx's password:
debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: Remote connections from LOCALHOST:8080 forwarded to local address 192.168.1.3:80
debug1: Entering interactive session.
debug1: remote forward failure for: listen 8080, connect 192.168.1.3:80
Warning: remote port forwarding failed for listen port 8080
debug1: All remote forwarding requests processed

Top
February 22, 2010
#5
Justin
Justin's picture
Offline
Joined: 05/28/2008
This part of the command

This part of the command looks suspect:

-R 8080:192.168.1.3:xx.xx.xx.xx

It should be of the form "-R ip_address:hostname:port" and should not have two IP addresses in it.

Can you email me at contact-at-codesorcery-dot-net with a screenshot from the tunnel edit window?

Top
October 1, 2010
#6
Huan
Offline
Joined: 10/01/2010
Some anonymizing proxy

Some anonymizing proxy servers may forward data packets with header lines such as HTTP_VIA, HTTP_X_FORWARDED_FOR, or HTTP_FORWARDED, which may reveal the IP address of the client. Other anonymizing proxy servers, known as elite or high anonymity proxies, only include the REMOTE_ADDR header with the IP address of the proxy server, making it appear that the proxy server is the client. A website could still suspect a proxy is being used if the client sends packets which include a cookie from a previous visit that did not use the high anonymity proxy server. Clearing cookies, and possibly the cache, would solve this problem.

Top
Want to join the forums? Create an account or login.