SSH tunnel over 2 servers

0

I used the following command to create a tunnel from my system to server1 and from server1 to server2, to have a tunnel from my system to server2:

ssh -t -t -L4450:localhost:5590 user1@server1 'ssh -L 5590:localhost:2000 user@server2'

But I get the following messages when I try to browse the web in my browser:


channel 3: open failed: connect failed: Connection refused
channel 4: open failed: connect failed: Connection refused

Is there anything wrong with the command?

EDIT:

My goal is to access the internet via server2 (SOCKS proxy). Because of some limits, I have to use an interface server (server1) to create a tunnel to server2.

hpn

Posted 2011-12-09T07:40:36.387

Reputation: 115

One thing that could be wrong is that -L isn't the option normally used when one wants to "browse the web" over SSH; it is for establishing tunnels to a single explicit destination. What kind of program do you have running on server2 on port 2000? – user1686 – 2011-12-09T07:58:26.023

@grawity I found this command by searching on Google. I changed 2000 to 80. With 80, it doesn't show the message anymore, but I still can't browse the web. Firefox shows "Connecting to example.com" and then says "Unable to connect" – hpn – 2011-12-09T08:04:48.003

Could you explain a bit more in your post -- for example, what were you trying to achieve in the first place? Browse the entire web via 'server2', or to access a single specific service? – user1686 – 2011-12-09T08:10:16.517

@grawity I edited the post – hpn – 2011-12-09T08:45:14.567

Does server2 already have a SOCKS proxy running, or are you trying to create one using the tunnel? – user1686 – 2011-12-09T09:13:58.420

@grawity I'm trying to create one using the tunnel – hpn – 2011-12-09T09:41:58.870

Let us continue this discussion in chat – hpn – 2011-12-09T09:54:54.900

Answers

1

This should be the command:

ssh -t -L4450:localhost:5590 user1@server1 ssh -t -D5590 user@server2

The first ssh does a straight port forward of 4450 to server1, sending packets to its port 5590. The second establishes a connection to server2 with a dynamic port forward (SOCKS proxy) listening on server1 port 5590.

So packets from you going to your localhost:4450 will get forwarded to server1 5590, which is the dynamic port forward sent to server2 and out to the internet from the server2 IP.

Paul

Posted 2011-12-09T07:40:36.387

Reputation: 52 173

Thanks, but Firefox says: The proxy server is refusing connections. Why? – hpn – 2011-12-09T12:08:08.397

Maybe related: debug1: Local forwarding listening on ::1 port 4450. – hpn – 2011-12-09T12:20:02.323

Can you do netstat -an | grep 4450 on the origin, and netstat -an | grep 5590 on server1? – Paul – 2011-12-09T12:50:33.287

Yes, both have results – hpn – 2011-12-09T13:08:01.637

Now it works. I don't know why it didn't work before. Thanks – hpn – 2011-12-09T13:11:43.863
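
An added example (not part of the original thread): the netstat check suggested in the comments, turned into a script that reports whether the listener on a forwarded port is bound to loopback only. This matters because the SOCKS port opened by -D accepts connections without authentication. The netstat lines are constructed samples, listener_scope is a hypothetical helper name, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example: classify who can reach a forwarded port, from `netstat -an` output.
# Assumes the Linux net-tools layout (local address in column 4, state in the last column).

# listener_scope PORT   (reads `netstat -an` output on stdin)
# Prints "none", or "loopback <addrs>" / "exposed <addrs>" for LISTEN sockets on PORT.
listener_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            addr  = $4
            start = length(addr) - length(port)        # index of the ":" before the port
            if (start < 2 || substr(addr, start) != (":" port)) next
            host  = substr(addr, 1, start - 1)
            found = 1
            hosts = hosts " " host
            # Anything other than 127.0.0.0/8 or ::1 is reachable from other machines.
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!found) { print "none"; exit }
            scope = exposed ? "exposed" : "loopback"
            print scope hosts
        }'
}

# Constructed sample, origin: the -L listener bound on both loopback families.
origin_netstat='tcp        0      0 127.0.0.1:4450          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:4450                :::*                    LISTEN'

# Constructed sample, server1: the -D listener bound on all interfaces,
# as a GatewayPorts yes setting in the ssh client config would produce.
server1_netstat='tcp        0      0 0.0.0.0:5590            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED'

echo "origin  4450: $(printf '%s\n' "$origin_netstat"  | listener_scope 4450)"
echo "server1 5590: $(printf '%s\n' "$server1_netstat" | listener_scope 5590)"

# Live use, on each host:   netstat -an | listener_scope 4450
# The answer's command with both listeners pinned to loopback (same hosts and ports):
#   ssh -t -L 127.0.0.1:4450:localhost:5590 user1@server1 ssh -t -D 127.0.0.1:5590 user@server2
```

A "loopback" result on server1 still leaves the SOCKS port usable by every local account on that host for as long as the tunnel is up.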