我正在尝试通过 NAS(运行 FreeBSD 的 NAS4Free)上的 ssh 隧道进行一些远程端口转发,该 NAS 位于防火墙后面。我已gateway_enable="YES"在 中添加了/etc/rc.conf,也在net.inet.ip.forwarding=1中添加了/etc/sysctl.conf。
隧道似乎可以通过以下命令运行:
ssh -R 0.0.0.0:49153:localhost:8080 [email protected] -p 16
-v这是我在获得访问权限之前使用 ssh 命令时的日志:
OpenSSH_7.2p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015
debug1: Connecting to a.b.c.d [a.b.c.d] port 16.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2-hpn14v5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Remote is NON-HPN aware
debug1: Authenticating to a.b.c.d:16 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: <secret content>
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: <secret content> SHA256:<secret content>
debug1: skipped DNS lookup for numerical hostname
debug1: Host '[a.b.c.d]:16' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
Authenticated to a.b.c.d ([a.b.c.d]:16).
debug1: Remote connections from 0.0.0.0:49153 forwarded to local address localhost:8080
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: remote forward success for: listen 0.0.0.0:49153, connect localhost:8080
debug1: All remote forwarding requests processed
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-85-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information as of Wed Apr 27 19:53:40 UTC 2016
System load: 0.01 Processes: 250
Usage of /: 7.0% of 27.05GB Users logged in: 0
Memory usage: 37% IP address for eth0: a.b.c.d
Swap usage: 0% IP address for tun0: 10.8.0.1
Graph this data and manage this system at:
https://landscape.canonical.com/
Last login: Wed Apr 27 19:53:41 2016 from <secret content>
username@localhost:~$
然而,当我尝试登录访问我的 NAS 上运行的网站时https://abcd:49153/我ERR_CONNECTION_REFUSED打开浏览器并从 ssh 会话中获取以下日志:
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen 0.0.0.0 port 49153, originator <secret content> port 12010
debug1: connect_next: host localhost ([127.0.0.1]:8080): Connection refused
debug1: connect_next: host localhost ([::1]:8080): Connection refused
connect to localhost port 8080 failed: Connection refused
debug1: failure forwarded-tcpip