Am 31. Jul, 2023 schwätzte Jim via PLUG-discuss so: moin moin, First off, obviously, don't trust Gerald, he is likely trying to sabatage Ladmo. > Today I was trying ssh tunneling between my desktop machine and a raspberry > pi.  On the desktop machine I entered the following: > > ssh user@192.168.1.4 -L 3000:192.168.1.4:1234 I believe that builds a connection from localhost on your system to localhost on the remote box tranversing the network stack to the external IP address on the remote box. > I then gave it my password then started rtl_tcp : > > $ rtl_tcp -a 192.168.1.4 -p 1234 If you use localhost or 127.0.0.1 on the ssh tunnel, you can keep rtl_tcp on localhost only as well if the ssh tunnel is the only thing that connects to it. > From my desktop machine I connected to 127.0.0.1:3000 and the connection was > successful. > > $ nrsc5 -H 127.0.0.1:1234 91.9 0 >  IT worked as expected. > > Then I logged out and tried again, only instead of the ip address I entered > the name of hostname. > > $ ssh user@ladmo.asuscomm.com -L 1234:ladmo.asuscomm.com:1234 What IP address to Ladmo think Ladmo has? Is it now connecting to 127.0.0.1 rather than the external IP? For a local tunnel ( -L ), the hostname between the ports is resolved by the remote system, so the remote part of the tunnel connected to whatever IP Ladmo resolves for its own hostname. This also allows creating tunnels that talk to an entirely different host. $ ssh user@ladmo.asuscomm.com -L 1234:phxlinux.org:443 Using that tunnel on one of my test systems allowed me talk to the PLUG web server over the tunnel. Getting TLS correct for such a tunnel can be a pain. $ echo | openssl s_client -showcerts -servername phxlinux.org -connect localhost:1234 2>/dev/null | openssl x509 -noout -subject -dates -fingerprint subject=CN = phxlinux.org notBefore=Jul 13 00:35:39 2023 GMT notAfter=Oct 11 00:35:38 2023 GMT SHA1 Fingerprint=92:56:0D:77:91:88:7F:54:BB:0F:3F:F7:07:D8:C7:45:92:92:0F:56 $ ciao, der.hans > Then I started rtl_tcp just like I did before. > > From the desktop machine I tried the same command again: > $ nrsc5 -H 127.0.0.1:1234 91.9 0 > > This time I got an error message.  I checked the terminal window where I > logged into the raspberry pi and saw this: > channel 3: open failed: connect failed: Connection refused > > I logged out and tried again, only with the -v option: > $ ssh -v user@machine.domain.com -L 1234:machine.domain.com:1234 > > > I tried again: > $ rtl_tcp -a 192.168.1.4 -p 1234 > > This time I got   a little more information: > > debug1: channel 3: free: direct-tcpip: listening port 3000 for > machine.domain.com port 1234, connect from 127.0.0.1 port 56318 to 127.0.0.1 > port 3000, nchannels 4 > > I tried one more time using the IP address assigned by my ISP.  It didn't > work and I got the same message as above. > > Does anyone know why it doesn't work when I don't use the local IP address? > The router is configured to forward incoming connections on port 22 to the > raspberry pi. > > > Thanks > > -- # https://www.SpiralArray.com https://www.PhxLinux.org # But getting smart is a tricky business. The smartest people I've ever met # are the ones who knew exactly what they were ignorant of. -- Alan Alda # Southamton commencement speech, 2007May18