View Single Post
  #2  
Old 09-08-2020, 06:24 PM
jjh jjh is offline
VanDyke Customer Support
 
Join Date: Feb 2004
Posts: 815
Hello mr.dk.

When you configure standard SSH2 port forwarding in your session, you are configuring SecureCRT to listen on the specified port and forward the traffic along through the SSH2 server that you are connected to, to the target machine.

So for example, if you are connected to a server named "Server1" with your SecureCRT session and the machine that uses port 6200 is on a machine named "Server2", you would connect to localhost on port 6200 and the traffic would be forwarded through Server1 and end up at server2.

The default port forward filter looks like the following, which would allow the traffic from the local loopback addresses in the 127.0.0.0 range:

S:"Port Forward Filter"=allow,127.0.0.0/255.0.0.0,0 deny,0.0.0.0/0.0.0.0,0

All other IP addresses would be denied.

I would expect that if you edited the port forward filter to look like the following, the IP address 192.168.100.155 would be allowed on all ports:

S:"Port Forward Filter"=allow,127.0.0.0/255.0.0.0,0 allow,192.168.100.155/255.255.255.255,0 deny,0.0.0.0/0.0.0.0,0

I would not recommend the change that you made to the reverse forward filter.

I would have expected the change that you made to be successful, but it seems too permissive. The "Allow" that you made for 192.168.100.155 would be redundant because you are already allowing connections from all IP addresses on all ports.

The other part of the problem you are experiencing is that SecureCRT is listening on the local loopback address only (IP address 127.0.0.1), which is only accessible to the local machine. You will need to change the port forward settings to listen on 0.0.0.0 (all IP addresses that belong to your machine, both the localhost IP addresses and the LAN private IP address), so that other machines on the network will have access to the port forward.

In the "Local" section of the "Local port forward properties" dialog you can enable the "Manually select local IP address on which to allow connections", then enter 0.0.0.0 as the IP address.

I have attached a screenshot of what I am referring to.

What does your port forward look like for the session?

Thank you.

JJH
Attached Images
File Type: png SCRT_LocalPortForwardingConfigurationExample.png (392.7 KB, 25 views)

Last edited by jjh; 09-11-2020 at 01:32 PM. Reason: Edited to provide more information
Reply With Quote