Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Reply
 
Thread Tools Display Modes
  #1  
Old 10-04-2012, 12:26 AM
smudge smudge is offline
Registered User
 
Join Date: Sep 2010
Posts: 16
Question Port forwarding connections from other hosts?

I want to be able to use the port forwarding/SOCKS 5 proxy feature to allow other hosts on my network to go thru the SSH tunnel to the remote server and beyond.

In the SecureCRT Local Port Forwarding Properties screen, if I leave the "Manually select local IP address on which to allow connection" box unchecked, it only responds to connections to 'localhost'. If I check the box and enter an IP address, it responds to connections to that IP but still only locally to the PC.

PuTTY has this ability by a simple "Local ports accept connections from other hosts" checkbox but I'd prefer to use SecureCRT.


I'm using Version 7.0.1 (x64 build 374)
Reply With Quote
  #2  
Old 10-04-2012, 08:32 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,635
Hello smudge,

Did you follow the steps outlined in the Using a SecureCRT® Secure Shell Connection as a SOCKS Proxy tip?

It sounds like you may have only done part of the configuration steps necessary.

You should leave the "Manually select local IP address on which to allow connections" box unchecked when setting up the "master session".
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 10-04-2012, 09:50 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,635
Hi smudge,

A colleague pointed out you probably need to edit the port forward filters to allow "other" machines on the network to connect through.

One resource would be the SecureCRT help topic Secure Connections / Configuring Port-Forwarding Filters.

The other is this FAQ on our website.

As a note, I have added this thread to a feature request in our product enhancement database to add GUI options for configuring port forwarding filters in SecureCRT. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Feature Request - Forum Thread #10702" in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by bgagnon; 10-04-2012 at 10:42 AM.
Reply With Quote
  #4  
Old 10-04-2012, 03:51 PM
smudge smudge is offline
Registered User
 
Join Date: Sep 2010
Posts: 16
Thumbs up

Thank you for your response.

Yes I did follow the SOCKS tip but as your coworker pointed out, this issue is regarding accessing the tunnel from other LAN hosts. Your followup post with the Configuring Port-Forwarding Filters FAQ was exactly what I needed. It is working great now.

May I suggest that you copy the info from 2nd FAQ to the end of the 1st FAQ? It could be included at the end in an "Advanced optional configuration" section.
Or at the very least, add a link to the 2nd FAQ at the end of the 1st. If that first FAQ (which is mentioned many times in the forums) had this info, I would have been able to resolve it sooner and without creating a post.


While I've got your attention, could I request a couple of enhancements to be added? I have the port forwarding session configured to not create a shell so it just appears as a black window. Could you have the session window give information about the port forwarding connection? I'd love to have the window show something like this.


Code:
This is a non-shell Port Forwarding session with the following properties:
SSH2 Server: 10.6.113.242:22

Listening connections:
Name             Local               Remote              Application  
Outgoing SOCKS5  0.0.0.0:1080

Filters:
allow,127.0.0.0/255.0.0.0,0
deny,0.0.0.0/0.0.0.0,0

Established connections:
Date     Time    Local               Remote               
20121004.152839  192.168.1.227:22    10.96.22.148:49633   
20121004.153503  192.168.1.236:21    10.96.18.78:49003
20121004.153504  192.168.1.236:20    10.96.18.78:49026

Closed connections:
Date     Time    Local               Remote               
20121004.152413  192.168.1.227:22    10.96.22.148:49251

If the screen can't keep a dynamic display going, could it at least have simple log lines? (which could also be included in the log file, if enabled)
Code:
20121004.151945 L:192.168.1.227:22 R:10.96.22.148:49251 OPENED
20121004.151948 L:192.168.1.227:22 R:10.96.22.148:49251 ESTABLISHED
20121004.152413 L:192.168.1.227:22 R:10.96.22.148:49251 CLOSED
Thanks for listening and again, thanks for your help.

Last edited by smudge; 10-04-2012 at 03:54 PM.
Reply With Quote
  #5  
Old 10-05-2012, 09:57 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,635
Hi smudge,

Thanks for the update. I am glad to hear you were able to resolve the issue.

I have submitted a feature request for the SSH SOCKS proxy tip to be updated to either include a link to the port forward filters tip or include the entire contents of the tip.

Additionally, I have created a feature request in our product enhancement database on your behalf for dynamic display of port forwarding info in terminal window (for non-shell sessions) or port forward messages in separate log. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Feature Request - Forum Thread #10702" in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #6  
Old 10-05-2012, 10:45 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,635
Hi smudge,

An additional FYI, there is basic port forward information that shows up in Trace Options output (File menu) when it is enabled.

You can take that a step further by increasing the logging level to 8 and configuring the session with a timestamp to get additional information.
  • Edit the session to include custom data on each line of logging (see attached)

  • Take note of SecureCRT's config location in the Global Options / General category

  • Close SecureCRT

  • Edit the .ini file of the session (or default.ini if making an "ad hoc" connection):
D:"Trace Level"=00000000 (or 1)
to
D:"Trace Level"=00000008
  • Launch SecureCRT

  • Choose Log Session from File menu (supply name and location)

  • Double-check there is a checkmark next to Log Session

  • Connect main session and port forward sessions
Timestamps won't actually be displayed in the terminal window, but will be included in the log file.
Attached Images
File Type: gif custom_logging_timestamp_Windows.gif (25.3 KB, 458 views)
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 02:40 AM.