Unable to SSH tunnel

Eddie linux0642 at sbcglobal.net
Mon Jul 12 14:16:18 PDT 2004 

I have webmin installed on a brand new installation of FreeBSD 5.2.1. I 
tunnel port 10000 to my localhost and connect to wemin like this:

http://127.0.0.1:10000

I always connect to webmin this way, with all *nix machines I admin. 
This does not seem to work with FreeBSD 5.2.1. It does work out of the 
box for other versions (4.7 and 4.8 at least) of FreeBSD though. Is 
there some rule somewhere preventing port forwarding in 5.2? Here's my 
netstat output:

bsd3c# netstat -nat
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.19.22       69.91.145.220.46031    
ESTABLISHED
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.10000                *.*                    LISTEN
udp4       0      0  *.10000                *.*                   
udp4       0      0  *.514                  *.*                   
udp6       0      0  *.514                  *.* 


ipfw output:
ipfw: getsockopt(IP_FW_GET): Protocol not available

webmin is running and listening on port 10000 as it's supposed to, and I 
can connect to webmin on the localhost with links. The sshd config file 
gives no indication that tunneling is disabled, and it has not been 
modified in any way. According to the OpenSSH documentation, 
"AllowTcpForwarding " is turned on by default. There is no reference to 
this in the sshd config file, however. I have included the sshd_config 
file for your review:

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

I would be glad to hear what anyone's thoughts are on this.

Eddie

More information about the freebsd-questions mailing list