SLES 11 SP4 Cannot local port forward 1521

slesmaster
02-May-2017, 02:07
Dear all,

I've set up a VirtualBox virtual machine with a NAT interface and set up port forwarding between host OS port 4222 and guest OS port 22.

I'm trying to local forward port 1521 on the host OS to port 1521 on the guest OS.

However, it failed.

When I ssh:



$ ssh -p 4222 -L localhost:1158:localhost:1158 -L localhost:1521:localhost:1521 root@localhost -v
OpenSSH_7.4p1, OpenSSL 1.0.2k 26 Jan 2017
debug1: Connecting to localhost [::1] port 4222.
debug1: connect to address ::1 port 4222: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 4222.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/yury/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:4222 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XbMTdZNjIEDIjJfvbf/1tpMHumgQ8KbG0pBTLFPPLTI
debug1: Host '[localhost]:4222' is known and matches the ECDSA host key.
debug1: Found key in /home/yury/.ssh/known_hosts:17
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/yury/.ssh/id_rsa
debug1: Trying private key: /home/yury/.ssh/id_dsa
debug1: Trying private key: /home/yury/.ssh/id_ecdsa
debug1: Trying private key: /home/yury/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to localhost ([127.0.0.1]:4222).
debug1: Local connections to localhost:1158 forwarded to remote address localhost:1158
debug1: Local forwarding listening on ::1 port 1158.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1158.
debug1: channel 1: new [port listener]
debug1: Local connections to localhost:1521 forwarded to remote address localhost:1521
debug1: Local forwarding listening on ::1 port 1521.
debug1: channel 2: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1521.
debug1: channel 3: new [port listener]
debug1: channel 4: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
Last login: Fri Apr 28 15:35:24 2017 from 10.0.2.2


Tailing /var/log/messages:



suse113-11204-ee-rac1:~ # tail -f /var/log/messages
May 2 08:09:01 suse113-11204-ee-rac1 su: (to root) oracle on /dev/pts/1
May 2 08:09:06 suse113-11204-ee-rac1 sshd[14930]: error: connect_to localhost port 1521: failed.
May 2 08:10:07 suse113-11204-ee-rac1 sshd[14930]: error: connect_to localhost port 1521: failed.
May 2 08:10:17 suse113-11204-ee-rac1 sshd[14930]: error: connect_to localhost port 1521: failed.
May 2 08:16:31 suse113-11204-ee-rac1 sshd[14930]: Received disconnect from 10.0.2.2: 11: disconnected by user
May 2 08:18:09 suse113-11204-ee-rac1 sshd[17503]: Accepted keyboard-interactive/pam for oracle from 10.0.2.2 port 56446 ssh2
May 2 08:29:46 suse113-11204-ee-rac1 sshd[7778]: Received disconnect from 10.0.2.2: 11: disconnected by user
May 2 08:32:00 suse113-11204-ee-rac1 sshd[17668]: Received disconnect from 10.0.2.2: 11: disconnected by user
May 2 08:38:54 suse113-11204-ee-rac1 syslog-ng[1678]: Log statistics; dropped='pipe(/dev/xconsole)=0', dropped='pipe(/dev/tty10)=0', processed='center(queued)=359', processed='center(received)=200', processed='destination(messages)=194', processed='destination(mailinfo)=2', processed='destination(mailwarn)=0', processed='destination(localmessages)=19', processed='destination(newserr)=0', processed='destination(mailerr)=0', processed='destination(netmgm)=0', processed='destination(warn)=46', processed='destination(console)=46', processed='destination(null)=2', processed='destination(mail)=2', processed='destination(xconsole)=46', processed='destination(firewall)=0', processed='destination(acpid)=2', processed='destination(newscrit)=0', processed='destination(newsnotice)=0', processed='source(src)=200'
May 2 08:43:02 suse113-11204-ee-rac1 sshd[24097]: Accepted keyboard-interactive/pam for root from 10.0.2.2 port 57719 ssh2
debug1: Connection to port 1521 forwarding to localhost port 1521 requested.
debug1: channel 5: new [direct-tcpip]
channel 5: open failed: connect failed: Connection refused
debug1: channel 5: free: direct-tcpip: listening port 1521 for localhost port 1521, connect from 127.0.0.1 port 57784 to 127.0.0.1 port 1521, nchannels 6
May 2 08:44:27 suse113-11204-ee-rac1 sshd[24097]: error: connect_to localhost port 1521: failed.




Does anyone have any idea what is wrong?

What should be done to local port forward 1521?

Thanks a lot

ab
02-May-2017, 12:56
Did you make sure that TCP 1521 is listening on the guest side? I haven't
compared with anything on my side yet, but all of the errors I see appear
to be from your actual connection attempt to TCP 1521 on the SSH client,
which should forward to 1521 on the SSH server, and from there you get
'Connection Refused' indicating nothing is there listening for a
connection from the client that would consume 1521.

It may be useful to verify where TCP 1521 is listening using the following
commands on both systems:



hostname
ss -planeto | grep :1521 | grep 'LISTEN '


Based on the port number I presume this is some kind of proprietary
database; have you started its listener on the SSH server (VirtualBox
guest) side?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

slesmaster
03-May-2017, 04:24
oracle@suse113-11204-ee-rac1:~> ss -planeto | grep :1521 | grep 'LISTEN '
LISTEN 0 128 192.168.56.3:1521 *:* uid:54422 ino:75453 sk:9f232f00ffff8800
LISTEN 0 128 192.168.56.2:1521 *:* uid:54422 ino:75449 sk:9f2335c0ffff8800
LISTEN 0 128 192.168.56.5:1521 *:* uid:54422 ino:74802 sk:a37bc140ffff8800
LISTEN 0 128 192.168.56.4:1521 *:* uid:54422 ino:73996 sk:a37bc800ffff8800
LISTEN 0 128 192.168.56.6:1521 *:* uid:54422 ino:73566 sk:a37bcec0ffff8800


Any implication of the above?

Thanks

ab
03-May-2017, 13:00
Yes, perfect; this shows exactly why it is not working. Recall that your
SSH tunnel is configured by you to point to localhost; none of those
listening addresses (192.168.56.x) is likely to resolve to 'localhost'
(usually 127.x.x.x) and thus the connection is refused by the OS since
nobody is there to listen.

Either get your listener to listen on whatever IP is mapped to 'localhost'
on the box (see /etc/hosts file) or else try this instead:



ssh -p 4222 -L localhost:1158:localhost:1158 -L localhost:1521:192.168.56.3:1521 root@localhost -v


--
Good luck.
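
Added example (not part of the thread): a shell sketch of the check described above. It reads `ss` listener lines, works out which address the port is bound to, and builds the matching `-L` option with the client side bound to localhost. The function names and the last two sample lines are constructed for illustration; the first two sample lines are shortened from the output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample input in the column layout of `ss -planeto` (field 4 = local address).
SAMPLE_SS='LISTEN 0 128 192.168.56.3:1521 *:* uid:54422 ino:75453
LISTEN 0 128 192.168.56.2:1521 *:* uid:54422 ino:75449
LISTEN 0 128 *:22 *:* ino:1111
LISTEN 0 128 127.0.0.1:1158 *:* ino:2222'

# forward_target PORT  (ss lines on stdin)
# Prints the host to use as the destination of ssh -L, as seen from the SSH server:
#   "localhost" if the port is bound to a wildcard or loopback address,
#   otherwise the first specific address it is bound to.
# Returns 1 and prints nothing if no socket listens on PORT.
forward_target() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, p, ":")                    # last piece is the port
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            if (first == "") first = addr
            if (addr ~ /^(\*|0\.0\.0\.0|::|\[::\]|127\..*|::1|\[::1\])$/) loop = 1
        }
        END {
            if (first == "") exit 1
            print (loop ? "localhost" : first)
        }'
}

# tunnel_cmd PORT SSH_PORT USER@HOST  (ss lines on stdin)
# Builds the ssh command; the listening side stays bound to localhost on the
# client so the tunnel is not reachable from other machines on the client LAN.
tunnel_cmd() {
    target=$(forward_target "$1") || {
        echo "no listener on port $1 on the server side" >&2
        return 1
    }
    echo "ssh -p $2 -L localhost:$1:$target:$1 $3"
}

# Demo on the constructed sample; on a real guest, pipe in: ss -planeto
printf '%s\n' "$SAMPLE_SS" | tunnel_cmd 1521 4222 root@localhost
```
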

slesmaster
02-Jun-2017, 00:57
Dear ab,

It resolves my issues.

Thanks a lot!