Remote port-forwarding

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
ED-Clint
Posts: 36
Joined: Thu 18 May 2017 08:52

Remote port-forwarding

Post by ED-Clint » Tue 14 Jul 2020 06:18

Can you please clarify this for me.

In your tunnel principles document (https://www.devart.com/sbridge/docs/ind ... ciples.htm) you explain that "If a Si computer from the server side wants to connect to the client C, Si should connect to the SSH server through the specified port, and the SSH server will create a secure channel to C through the SSH client.".

Does this mean that I could present a port from the client to the server? For example, if I had MySQL running on the client, I could make this available to the server on a "source port" at the server end?

That is how I read it, however when I try to do this I am presented with an error "Cannot listen forwarded port.".

So, the Destination Host and Port, when used with Remote set to True, means relative to the Client (so in my example above it would be 127.0.0.1 and 3306 respectively) and the Source port is for the Server to use?

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Remote port-forwarding

Post by ViktorV » Tue 14 Jul 2020 15:33

When using remote port forwarding:
- the SourcePort property is any port available for listening on the machine on which the SSH server is running;
- the DestHost property is the address of the machine with which the SSH server will establish a connection through the SSH client. If you specify a relative DNS host name (for example, localhost), then this address is relative to the SSH client, not the SSH server;
- the DestPort property is the port on the machine specified in the DestHost property with which a TCP/IP connection will be established.

ED-Clint
Posts: 36
Joined: Thu 18 May 2017 08:52

Re: Remote port-forwarding

Post by ED-Clint » Wed 15 Jul 2020 03:44

Hi Viktor,

Thank you for clarifying. This is how I have a simple test program set up. DestHost is 127.0.0.1, DestPort is 3306 and the SourcePort is a free port on the Server. Direct is False and Remote is True, and yet I receive the error "Cannot listen forwarded port.".

Is this implying that the SourcePort is a problem or is this referring to the DestPort?

ED-Clint
Posts: 36
Joined: Thu 18 May 2017 08:52

Re: Remote port-forwarding

Post by ED-Clint » Wed 15 Jul 2020 03:59

I had assumed the error was referring to the Client side, so the DestPort; however, after my last post I went to check the server side, so the SourcePort, and it seems this was the problem.

I have a connection using a different port. So DestHost 127.0.0.1, DestPort 3306 and SourcePort 8011.

However when I try to open a mysql connection using port 8011 on the Server I am getting Access denied returned, so I am now investigating that.

ED-Clint
Posts: 36
Joined: Thu 18 May 2017 08:52

Re: Remote port-forwarding

Post by ED-Clint » Wed 15 Jul 2020 04:24

My server is now listening on the port I have used;

sshd 1071 adminuser 12u IPv4 117275442 0t0 TCP 127.0.0.1:8011 (LISTEN)

Though when I try to use this port;

mysql --port=8011 -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

However, on the MySQL server on the client, which has general_log = on set I do not see any connection attempts logged at all. If I connect locally the log shows me;

2020-07-15T04:10:09.575782Z 12 Connect root@localhost on using TCP/IP

If I purposely use a bad password I see;

2020-07-15T04:10:09.575782Z 12 Connect Access denied for user 'root'@'localhost' (using password: YES)

But the failed connection attempt from the server does not appear in this log at all, so it seems that the connection is not getting to the MySQL server. How can I troubleshoot connections across the tunnel more?

ED-Clint
Posts: 36
Joined: Thu 18 May 2017 08:52

Re: Remote port-forwarding

Post by ED-Clint » Wed 15 Jul 2020 04:44

I used Wireshark and I can see traffic coming in from the Server when I try to connect to MySQL across the tunnel.
I'm at a loss what to look at next, any suggestions would be appreciated.

ED-Clint
Posts: 36
Joined: Thu 18 May 2017 08:52

Re: Remote port-forwarding

Post by ED-Clint » Wed 15 Jul 2020 04:49

It works now. I found this article: https://stackoverflow.com/questions/622 ... ssh-tunnel

So I tried this on my server;

mysql -h 127.0.0.1 --port=8011 -u root -p

The connection now works. It seems the "-h 127.0.0.1" is required though I do not fully understand why.
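Why the "-h 127.0.0.1" matters, as an added example that is not part of the original posts or of SecureBridge: on Unix the mysql client documents that with no host, or with host "localhost", it connects through the local Unix socket and ignores --port, which matches the first attempt never appearing in the client machine's general log. The function names below are hypothetical helpers; the sample line is the lsof output quoted in the thread, and the sketch also checks that the forwarded listener is bound to loopback only.

```shell
# Added example, not from the thread. LSOF_LINE is the lsof output quoted above.
# mysql_transport ARGS...: transport the mysql client picks on Unix. Documented
# behaviour: no host or "localhost" means the Unix socket, and --port is ignored.
mysql_transport() {
    host=localhost proto=
    while [ $# -gt 0 ]; do
        case $1 in
            -h)           [ $# -ge 2 ] && { host=$2; shift; } ;;
            -h?*)         host=${1#-h} ;;
            --host=*)     host=${1#--host=} ;;
            --protocol=*) proto=${1#--protocol=} ;;
        esac
        shift
    done
    case $proto in
        [Tt][Cc][Pp])             echo tcp; return ;;
        [Ss][Oo][Cc][Kk][Ee][Tt]) echo socket; return ;;
    esac
    if [ "$host" = localhost ]; then echo socket; else echo tcp; fi
}

# bind_scope LSOF_LINE PORT: address the forwarded listener is bound to.
bind_scope() {
    addr=$(printf '%s\n' "$1" | awk -v p="$2" '/\(LISTEN\)/ {
        n = split($(NF-1), a, ":")
        if (a[n] == p) { sub(":" p "$", "", $(NF-1)); print $(NF-1); exit }
    }')
    case $addr in
        127.*|'[::1]')      echo loopback ;;        # reachable from the SSH server host only
        '*'|0.0.0.0|'[::]') echo all-interfaces ;;  # client's MySQL exposed to the server's network
        '')                 echo none ;;
        *)                  echo other ;;
    esac
}

# tunnel_check LSOF_LINE PORT MYSQL_ARGS...: combine both checks into a verdict.
tunnel_check() {
    line=$1 port=$2; shift 2
    scope=$(bind_scope "$line" "$port")
    case "$scope/$(mysql_transport "$@")" in
        none/*)   echo "no listener on port $port" ;;
        */socket) echo "listener is $scope, but the client uses the local socket and bypasses it" ;;
        *)        echo "listener is $scope and the client connects to it over TCP" ;;
    esac
}

LSOF_LINE='sshd 1071 adminuser 12u IPv4 117275442 0t0 TCP 127.0.0.1:8011 (LISTEN)'
tunnel_check "$LSOF_LINE" 8011 --port=8011 -u root -p
tunnel_check "$LSOF_LINE" 8011 -h 127.0.0.1 --port=8011 -u root -p
```

Passing --protocol=TCP to the mysql client has the same effect as "-h 127.0.0.1" and keeps working if the host argument is later changed back to localhost.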

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Remote port-forwarding

Post by ViktorV » Wed 15 Jul 2020 06:27

Thank you for your interest in our product.
It is good to see that the problem has been solved.
If you have any questions while using our products, please don't hesitate to contact us, and we will try to help you solve them.
