public inbox for cygwin@cygwin.com
* cygwin port forwarding
@ 2012-06-23 16:29 Ross Boylan
  2012-06-23 17:43 ` René Berber
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Ross Boylan @ 2012-06-23 16:29 UTC (permalink / raw)
  To: cygwin; +Cc: ross

Can non-cygwin applications "see" the ports ssh in cygwin sets up for
forwarding?  I did some tests on Windows 7 and found that, although the
forwarding was clearly in effect for commands I ran in the cygwin shell,
it did not seem to be accessible to the regular Windows version of
Thunderbird.

The local port I forwarded was not privileged.  I used no Windows admin
privileges.

Thanks for any info.
Ross Boylan


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: cygwin port forwarding
  2012-06-23 16:29 cygwin port forwarding Ross Boylan
@ 2012-06-23 17:43 ` René Berber
  2012-06-24  0:20 ` Andrey Repin
  2012-06-29  1:08 ` cygwin port forwarding [working] Ross Boylan
  2 siblings, 0 replies; 8+ messages in thread
From: René Berber @ 2012-06-23 17:43 UTC (permalink / raw)
  To: cygwin

On 6/23/2012 11:29 AM, Ross Boylan wrote:

> Can non-cygwin applications "see" the ports ssh in cygwin sets up for
> forwarding?  I did some tests on Windows 7 and found that, although the
> forwarding was clearly in effect for commands I ran in the cygwin shell,
> it did not seem to be accessible to the regular Windows version of
> Thunderbird.

Yes.

I use a tunnel from home to work, and by use I mean Firefox to open 
pages/applications I don't want to expose to the Internet.

It should be the same with Thunderbird, of course the port changes, but 
you connect to localhost:143 (IMAP), localhost:25 (SMTP), or whatever. 
If you can connect with telnet to those ports, then TBird shouldn't have 
a problem.
-- 
René Berber





* Re: cygwin port forwarding
  2012-06-23 16:29 cygwin port forwarding Ross Boylan
  2012-06-23 17:43 ` René Berber
@ 2012-06-24  0:20 ` Andrey Repin
  2012-06-24  2:26   ` Karl M
  2012-06-24 18:33   ` Ross Boylan
  2012-06-29  1:08 ` cygwin port forwarding [working] Ross Boylan
  2 siblings, 2 replies; 8+ messages in thread
From: Andrey Repin @ 2012-06-24  0:20 UTC (permalink / raw)
  To: Ross Boylan, cygwin

Greetings, Ross Boylan!

> Can non-cygwin applications "see" the ports ssh in cygwin sets up for
> forwarding?  I did some tests on Windows 7 and found that, although the
> forwarding was clearly in effect for commands I ran in the cygwin shell,
> it did not seem to be accessible to the regular Windows version of
> Thunderbird.

> The local port I forwarded was not privileged.  I used no Windows admin
> privileges.

netstat -aon

Curious, what "tests" did you do instead of getting the data straight from the OS?
And what exactly have you tried to do? If you're looking for a proxy through an SSH
tunnel, you'd be better off with PuTTY -D 1080 and IE using a SOCKS proxy.


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 24.06.2012, <04:05>

Sorry for my terrible english...



* RE: cygwin port forwarding
  2012-06-24  0:20 ` Andrey Repin
@ 2012-06-24  2:26   ` Karl M
  2012-06-24 18:33   ` Ross Boylan
  1 sibling, 0 replies; 8+ messages in thread
From: Karl M @ 2012-06-24  2:26 UTC (permalink / raw)
  To: cygwin


> Date: Sun, 24 Jun 2012 04:07:57 +0400
> From: anrdaemon
> To: ross; cygwin
> Subject: Re: cygwin port forwarding
>
> Greetings, Ross Boylan!
>
> > Can non-cygwin applications "see" the ports ssh in cygwin sets up for
> > forwarding? I did some tests on Windows 7 and found that, although the
> > forwarding was clearly in effect for commands I ran in the cygwin shell,
> > it did not seem to be accessible to the regular Windows version of
> > Thunderbird.
>
> > The local port I forwarded was not privileged. I used no Windows admin
> > privileges.
>
> netstat -aon
>
> Curious, what "tests" did you do instead of getting the data straight from the OS?
> And what exactly have you tried to do? If you're looking for a proxy through an SSH
> tunnel, you'd be better off with PuTTY -D 1080 and IE using a SOCKS proxy.
>
Or you can use the -D option for ssh (OpenSSH).

...Karl


* Re: cygwin port forwarding
  2012-06-24  0:20 ` Andrey Repin
  2012-06-24  2:26   ` Karl M
@ 2012-06-24 18:33   ` Ross Boylan
  2012-06-24 21:42     ` René Berber
  1 sibling, 1 reply; 8+ messages in thread
From: Ross Boylan @ 2012-06-24 18:33 UTC (permalink / raw)
  To: Andrey Repin; +Cc: ross

On Sun, 2012-06-24 at 04:07 +0400, Andrey Repin wrote:
> Greetings, Ross Boylan!
> 
> > Can non-cygwin applications "see" the ports ssh in cygwin sets up for
> > forwarding?  I did some tests on Windows 7 and found that, although the
> > forwarding was clearly in effect for commands I ran in the cygwin shell,
> > it did not seem to be accessible to the regular Windows version of
> > Thunderbird.
> 
> > The local port I forwarded was not privileged.  I used no Windows admin
> > privileges.
> 
> netstat -aon
> 
> Curious, what "tests" did you do instead of getting the data straight from the OS?
> And what exactly have you tried to do? If you're looking for a proxy through an SSH
> tunnel, you'd be better off with PuTTY -D 1080 and IE using a SOCKS proxy.
> 
I ran netstat, I think in a non-cygwin terminal, and didn't see the
ports listed (though I remember doing netstat -an, which seems like Unix
options, not Windows).  For Thunderbird, I pointed it at localhost and
the forwarded port, and was unable to connect.  One reason I asked is
that I have only middling confidence I know what t-bird is actually
doing.

On the other hand, inside a cygwin terminal I was able to use openssl to
connect via the same port on localhost.

The target port is secure IMAP, 993.

I'm using ssh in addition to SSL because the tunnel must be through ssh
and the server is only serving SSL.  The underlying motivation is that
we suspect the links used by the regular connection are not reliable.

Ross



* Re: cygwin port forwarding
  2012-06-24 18:33   ` Ross Boylan
@ 2012-06-24 21:42     ` René Berber
  2012-06-25  9:50       ` Andrey Repin
  0 siblings, 1 reply; 8+ messages in thread
From: René Berber @ 2012-06-24 21:42 UTC (permalink / raw)
  To: cygwin

On 6/24/2012 1:33 PM, Ross Boylan wrote:

> I ran netstat, I think in a non-cygwin terminal, and didn't see the
> ports listed

Then there is no tunnel.

You probably used the wrong command instead of 'ssh -fNL ...'

> For thunderbird, I pointed it at localhost and
> the forwarded port, and was unable to connect.  One reason I asked is
> that I have only middling confidence I  know what t-bird is actually
> doing.

TBird will have one minor problem: the server certificate.

Since you are connecting to localhost and the server has its own name in 
the certificate (if configured correctly), then you will be shown the 
warning panel, and you will have to 'accept' to continue using that server.

> On the other hand, inside a cygwin terminal I was able to use openssl to
> connect via the same port on localhost.

Meaning?

Did you use "openssl s_client ..." or do you mean something else?  That
test is for sending mail, not reading, which seems to be what you wanted
to do.

> The target port is secure IMAP, 993.

As long as TBird is configured (Server settings) with the correct port, 
and "Security Settings" (SSL/TLS), there is no problem, it works.

There are 2 separate configurations in TBird, one for reading, one for 
sending (at the bottom of the "Account Settings" window: "Outgoing Server").
-- 
René Berber





* Re: cygwin port forwarding
  2012-06-24 21:42     ` René Berber
@ 2012-06-25  9:50       ` Andrey Repin
  0 siblings, 0 replies; 8+ messages in thread
From: Andrey Repin @ 2012-06-25  9:50 UTC (permalink / raw)
  To: René Berber, cygwin

Greetings, René Berber!

>> I ran netstat, I think in a non-cygwin terminal, and didn't see the
>> ports listed

> Then there is no tunnel.
^^^^^^^^^^^^^^^^^^^^^^^^^^
This.

> You probably used the wrong command instead of 'ssh -fNL ...'

>> For thunderbird, I pointed it at localhost and
>> the forwarded port, and was unable to connect.  One reason I asked is
>> that I have only middling confidence I  know what t-bird is actually
>> doing.

> TBird will have one minor problem: the server certificate.

> Since you are connecting to localhost and the server has its own name in 
> the certificate (if configured correctly), then you will be shown the 
> warning panel, and you will have to 'accept' to continue using that server.

>> On the other hand, inside a cygwin terminal I was able to use openssl to
>> connect via the same port on localhost.

> Meaning?

> Did you use "openssl s_client ..." or do you mean something else?  That
> test is for sending mail, not reading, which seems to be what you wanted
> to do.

The openssl "s_client" command is for a general TLS functionality check.
You can use it to connect to any TLS-enabled service.
You can think about it as if it is telnet for TLS.

>> The target port is secure IMAP, 993.

> As long as TBird is configured (Server settings) with the correct port, 
> and "Security Settings" (SSL/TLS), there is no problem, it works.

> There are 2 separate configurations in TBird, one for reading, one for 
> sending (at the bottom of the "Account Settings" window: "Outgoing Server").


--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 25.06.2012, <13:34>

Sorry for my terrible english...


* Re: cygwin port forwarding [working]
  2012-06-23 16:29 cygwin port forwarding Ross Boylan
  2012-06-23 17:43 ` René Berber
  2012-06-24  0:20 ` Andrey Repin
@ 2012-06-29  1:08 ` Ross Boylan
  2 siblings, 0 replies; 8+ messages in thread
From: Ross Boylan @ 2012-06-29  1:08 UTC (permalink / raw)
  To: cygwin

I have some updates and successes.

First, I do see the forwarded ports with netstat -aon in a Windows
command prompt:
   TCP    [::1]:2525             [::]:0 LISTENING       388
   TCP    [::1]:9933             [::]:0 LISTENING       388
I may have missed them because I didn't look at the ::1 addresses or 
because the destination host and port is oddly blank.

From within a cygwin terminal I did
  openssl s_client -connect localhost:9933
which showed me the certificate of the mail server I was trying to reach.

Finally, when I switched Thunderbird to use localhost at port 9933 (with
connection security set to SSL/TLS) it did make contact.  As René 
indicated, T-bird complained about the certificate (which has also 
expired).  Then I ran into what seems like a T-bird bug: every time I 
hit "accept certificate" it brought the same dialogue asking for 
confirmation up.  Eventually I closed it by hitting the red x on the 
window (though it took a couple of tries).  It seems to be working.  
Even if it's not, it seems clear the port forwarding is working.

I'm not sure why it didn't work the first time.

Thanks to René, Andrey, and Karl for their help.

Ross
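
An added example, not part of the thread: a Python check over `netstat -aon` output that reports whether a forwarded port is listening and on which addresses, so a listener bound only to `[::1]` (like the two lines quoted above) is not overlooked and a forward bound to all interfaces is flagged. The sample output is constructed around those two lines; the function names and the other rows are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -aon` output. The two [::1] rows
# are the ones quoted in the message above; every other row is made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2044
  TCP    [::1]:2525             [::]:0                 LISTENING       388
  TCP    [::1]:9933             [::]:0                 LISTENING       388
  TCP    192.168.1.20:49712     203.0.113.7:22         ESTABLISHED     388
"""

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def classify(addr):
    """Map a netstat local address to the scope it is reachable from."""
    if addr.startswith("127."):
        return "loopback-v4"
    if addr == "[::1]":
        return "loopback-v6"
    return "network"  # 0.0.0.0, [::] or a specific interface address

def listeners(netstat_text):
    """Return {port: {"scopes": set, "pids": set}} for TCP listeners."""
    found = defaultdict(lambda: {"scopes": set(), "pids": set()})
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
            found[port]["scopes"].add(classify(addr))
            found[port]["pids"].add(pid)
    return dict(found)

def check_forward(netstat_text, port):
    """Describe how a forwarded local port is bound."""
    entry = listeners(netstat_text).get(port)
    if entry is None:
        return "not listening"
    scopes = entry["scopes"]
    if "network" in scopes:
        return "exposed"             # reachable from other hosts
    if scopes == {"loopback-v6"}:
        return "ipv6-loopback-only"  # 127.0.0.1:<port> will be refused
    if scopes == {"loopback-v4"}:
        return "ipv4-loopback-only"
    return "loopback-both"
```

A result of `ipv6-loopback-only` means a client that resolves `localhost` to 127.0.0.1 cannot reach the forward, while `exposed` means the tunnel endpoint accepts connections from other machines.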

