securesocketfunneling / ssf

Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform
https://securesocketfunneling.github.io/ssf/

Client remote TCP forward only binds on remote localhost instead of 0.0.0.0. #54

Open egidijus opened 6 years ago

egidijus commented 6 years ago

Hello, I think I answered my own question.... I am trying to use ssf like ssh, pushing ports from a Client machine to the Server machine. Client machine has a service listening on TCP 28015. Client machine IP is 192.168.5.98.

Server machine has ssfd running: ssfd -S -g -p 8011. Server IP is 100.100.100.100.

On the Client, I create a connection from client machine to server machine like this:

ssf -g -R 28015:127.0.0.1:28015 -p 8011 100.100.100.100

On the Server I can see my tunnel via netstat:

mrpickles@server:/opt/ssf# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:28015          0.0.0.0:*               LISTEN      10557/ssfd      
tcp        0      0 0.0.0.0:8011            0.0.0.0:*               LISTEN      10557/ssfd      

When I am on the Server, I can curl the service port on the 127.0.0.1:28015 address and my request gets forwarded to the client machine. I see output from my service.

Because the forwarded/tunneled port is bound to a local address, the service 28015 on the Server is not accessible over any other interface or address.

I was expecting that the forwarded service port would bind to 0.0.0.0 and would be accessible via any available interface or IP.

For example, curling the Server on 100.100.100.100:28015 would return data from the Client.

ANSWER:

I read this again, and again:

-R, --remote-tcp-forward [bind_address:]port:remote_host:remote_port

Then I updated my Client connection parameters to this:

ssf -g -R 0.0.0.0:28015:127.0.0.1:28015 -p 8011 100.100.100.100

I was able to create a connection to the Server that would listen on all interfaces.

mrpickles@server:/opt/ssf# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:28015            0.0.0.0:*               LISTEN      10557/ssfd      
tcp        0      0 0.0.0.0:8011            0.0.0.0:*               LISTEN      10557/ssfd      

I am not sure if that text is very clear in explaining how -R should be used.
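
Added example, not part of the original issue or the ssf project: a small check for the server side that reads `netstat -nlp` output and reports, for each socket owned by ssfd, whether it is bound to loopback only or reachable on other interfaces. The function and sample names are made up for this example; the sample input is the two netstat listings quoted in the post.

```shell
#!/bin/sh
# Added example: classify listening sockets owned by one program (default: ssfd)
# from `netstat -nlp` text on stdin.
# Output per socket: "<loopback|exposed> <proto> <local address>"
classify_listeners() {
    prog="${1:-ssfd}"
    awk -v prog="$prog" '
        $1 !~ /^(tcp|udp)/ { next }          # skip headers and unix sockets
        {
            owner = $NF                       # last column is "PID/Program name"
            sub(/^[0-9]+\//, "", owner)       # keep only the program name
            if (owner != prog) next
            addr = $4
            sub(/:[^:]*$/, "", addr)          # drop the trailing :port
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
            print scope, $1, $4
        }'
}

# Sample input: listing from the post with -R 28015:127.0.0.1:28015
sample_before() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:28015          0.0.0.0:*               LISTEN      10557/ssfd
tcp        0      0 0.0.0.0:8011            0.0.0.0:*               LISTEN      10557/ssfd
EOF
}

# Sample input: listing from the post with -R 0.0.0.0:28015:127.0.0.1:28015
sample_after() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:28015            0.0.0.0:*               LISTEN      10557/ssfd
tcp        0      0 0.0.0.0:8011            0.0.0.0:*               LISTEN      10557/ssfd
EOF
}

echo "== without bind_address =="
sample_before | classify_listeners ssfd
echo "== with bind_address 0.0.0.0 =="
sample_after | classify_listeners ssfd
```

On a live server, pipe `netstat -nlp` into `classify_listeners` as root so the PID/Program name column is populated for ssfd.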