[Vortex] Telnet & SSH connections

Francis Brosnan Blazquez francis at aspl.es
Mon Apr 11 13:18:44 CEST 2011


> Hi, 

Hi Robert,

> I have a strange problem with a quite complex setup. Here is the setup:
> 
> 1. I have a BEEP listening server running on remote.com in a VM listening on 192.168.22.100:44000
> 2. The VM uses NAT network setup. The NAT router is 192.168.22.1
> 3. There is a port forwarding configured from 192.168.22.1:44000 to 192.168.22.100:44000 so the beep server can be reached.
> 4. I have a further system mycomputer.com I work on.
> 
> Depending on what I do I can reach the BEEP server or not. These are the different approaches:
> 
> 1. telnet 192.168.22.1 44000 from remote.com: This should connect to the beep server. I get a connection but the beep server doesn't recognize it as a connection.
> 
> 	s1:~ developer$ telnet 192.168.22.1 44000
> 	Trying 192.168.22.1...
> 	Connected to 192.168.22.1.
> 	Escape character is '^]'.
> 
> After a couple of seconds the telnet connection is closed.

I think you really mean "telnet remote.com 44000", don't you? I mean,
you are telnetting to the NAT port at the public IP from a remote
location, right?

In that case, if you receive a TCP connect (which seems to be your case),
that means the NAT is pointing to something that is not your BEEP listener
or the NAT router is not working (maybe a reboot?).

> 2. ssh -L 44000:192.168.22.1:44000 me@remote.com from mycomputer.com:
> This sets up an SSH port forwarding from mycomputer.com:44000 via
> remote.com:22 to 192.168.22.1:44000
> 
> The ssh command ends in that I have a prompt for user me on
> remote.com. When I now use: telnet localhost 44000 (all run from
> me@remote.com) I get a connection and the BEEP server recognizes it.

This command matches your description, I mean, you run an ssh to a remote
IP.

Looking at this it is clear the BEEP listener is at least responding at
the remote local LAN...so maybe the host running the BEEP listener has
no default gateway to reply to NAT (but this is somehow contradictory
with the "Connected" message you receive) + the NAT is pointing to a
different host/port...

> 3. Still having the SSH port forwarding from 2. up & running I now try
> to use: telnet localhost 44000 from mycomputer.com, which should be
> tunneled through SSH and forwarded to 192.168.22.1:44000 I get the
> same result as from 1.

I don't see how this differs from the previous point (2). It looks to me
like the same case...

> I'm wondering why the BEEP server recognizes one connection via telnet
> but the others not? IMO all attempts should be forwarded to
> 192.168.22.100:44000 where the BEEP server is running.
> 
> Do you have any idea? Or how I can track this down?

I believe it is some routing problem (missing gateway) or firewall
blocking your NATed connection or the NAT router not working/properly
configured. Maybe you can run the following at the host running your
BEEP listener to see packets coming/going:

>> tcpdump  -vv -i any port 44000

...it will show you even half connected/refused TCP connections.

Good luck!

> - --
> Robert M. Münch
> http://www.robertmuench.de
> 
-- 
Francis Brosnan Blázquez <francis.brosnan at aspl.es>
ASPL
91 134 14 22 - 91 134 14 45 - 91 116 07 57
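
Added example, not part of the original message and not Vortex code: a probe that separates "the TCP connect succeeded" from "a BEEP listener answered", the distinction the reply above turns on. It relies on the RFC 3080 rule that a BEEP peer sends its greeting on channel 0 right after the connection opens; `probe_beep` and `serve_once` are hypothetical names, and the greeting bytes are constructed.

```python
import re
import socket
import threading

# RFC 3080: right after the TCP connect each BEEP peer sends a greeting,
# a positive reply (RPY) on channel 0 with message number 0.
GREETING_HEADER = re.compile(rb"^RPY 0 0 \. 0 \d+\r\n")

def probe_beep(host, port, timeout=3.0):
    """Classify what answers on host:port from the first bytes it sends."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"              # nothing listening, or a firewall sent RST
    except OSError:
        return "unreachable"          # connect timed out or no route
    data, closed = b"", False
    with sock:
        try:
            while not closed and b"END\r\n" not in data and len(data) < 4096:
                chunk = sock.recv(4096)
                closed = not chunk    # empty read: the peer closed the connection
                data += chunk
        except socket.timeout:
            pass                      # connected, but the peer never spoke
        except OSError:
            closed = True             # reset while reading
    if GREETING_HEADER.match(data) and b"<greeting" in data:
        return "beep-listener"
    if not data:
        return "accepted-then-closed" if closed else "accepted-but-silent"
    return "not-beep"

def serve_once(payload):
    """Constructed local stand-in: accept one connection, send payload, close."""
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(payload)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

# Constructed sample greeting (no profiles advertised), not captured from Vortex.
BODY = b"Content-Type: application/beep+xml\r\n\r\n<greeting />\r\n"
SAMPLE_GREETING = b"RPY 0 0 . 0 %d\r\n" % len(BODY) + BODY + b"END\r\n"

if __name__ == "__main__":
    print(probe_beep("127.0.0.1", serve_once(SAMPLE_GREETING)))  # a BEEP peer
    print(probe_beep("127.0.0.1", serve_once(b"")))  # forward lands elsewhere
```

Run against the forwarded port and against the listener's own address, a differing result points at the NAT or forwarding hop rather than at the BEEP server.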
