How to get remote IP address over a ssh remote port forwarding tunnel?Tunnel AFP over SSH over InternetDouble...

How can a valley surrounded by mountains be fertile and rainy?

Wrong corporate name on employment agreement

How hard is it to sell a home which is currently mortgaged?

Why transcripts instead of degree certificates?

Could human civilization live 150 years in a nuclear-powered aircraft carrier colony without resorting to mass killing/ cannibalism?

Why are there so many religions and gods?

What's the safest way to inform a new user of their password on my web site?

Getting geometries of hurricane's 'cone of uncertainty' using shapely?

Is there a nice way to assign std::minmax(a, b) to std::tie(a, b)?

Details of video memory access arbitration in Space Invaders

How can I convince my reader that I will not use a certain trope?

How would an order of Monks that renounce their names communicate effectively?

Should I report a leak of confidential HR information?

In native German words, is Q always followed by U, as in English?

Meaning of もてり and use of が

Being paid less than a "junior" colleague

Miss Toad and her frogs

Spicket or spigot?

Why do I need two parameters in an HTTP parameter pollution attack?

The Confused Alien

Most elegant way to write a one shot IF

Can a police officer film me on their personal device in my own home?

Do I have to roll to maintain concentration if a target other than me who is affected by my concentration spell takes damage?

Sum of Parts of An Array - JavaScript



How to get remote IP address over a ssh remote port forwarding tunnel?


Tunnel AFP over SSH over InternetDouble port forwarding - SSHReverse AutoSSH working, but the proxied LISTEN ports fail randomlySetting up port forwarding on router for reverse SSH tunnelSSH tunnel, port forwarding setupssh tunnel, port forwarding - confusedssh reverse tunnel & gateway ports: forwarding users real (public) IP address?SSH session through jumphost via remote port forwardingSingle step ssh port forwarding not working but only works when ssh port forwarding performed separately on remote jump-server and remote-localhost?ssh local port forwarding with 2 servers






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







1















I'm running a test server behind NAT. I've forwarded remote port 2222 from another public IP server (example.com) to port 22 of the server behind NAT (localhost) as follows.



autossh -f -N -i /root/.ssh/id_rsa -R 2222:localhost:22 root@example.com


Now the local ssh server behind NAT getting only ::1 as IP address of all clients irrespective of client's actual IP address.



Output from w in localhost is like this.



 22:27:37 up  8:03,  2 users,  load average: 0.03, 0.03, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user tty7 :0 14:24 8:03m 1.27s 0.33s /usr/bin/lxsession -s LXDE-pi -e LXDE
user pts/0 ::1 22:27 1.00s 0.34s 0.03s w


/var/log/auth.log in localhost has entry like this



Feb 28 22:27:32 localhost sshd[5201]: Accepted password for user from ::1 port 55168 ssh2


Now I want to run fail2ban or csf firewall to block spam IP addresses. So, I want client's actual IP address. How can I do this? Is any iptables NAT rewriting rule helpful?










share|improve this question














bumped to the homepage by Community 2 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • You cannot use failtoban to block IPs and you only see the IP address of the other side of the SSH tunnel...

    – Rui F Ribeiro
    Mar 2 '18 at 19:40













  • @RuiFRibeiro Yes, that's true. I'm asking is there a way to get the client's actual IP instead the IP address of other side of the tunnel's localhost ip ::1?

    – Abhik Bose
    Mar 2 '18 at 19:43






  • 1





    I prefer going in via a VPN and not expose ssh ports to the Internet.

    – Rui F Ribeiro
    Mar 2 '18 at 19:51






  • 1





    Maybe running a tun device and using iptables would be the solution?

    – davidbaumann
    Mar 3 '18 at 8:01


















1















I'm running a test server behind NAT. I've forwarded remote port 2222 from another public IP server (example.com) to port 22 of the server behind NAT (localhost) as follows.



autossh -f -N -i /root/.ssh/id_rsa -R 2222:localhost:22 root@example.com


Now the local ssh server behind NAT getting only ::1 as IP address of all clients irrespective of client's actual IP address.



Output from w in localhost is like this.



 22:27:37 up  8:03,  2 users,  load average: 0.03, 0.03, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user tty7 :0 14:24 8:03m 1.27s 0.33s /usr/bin/lxsession -s LXDE-pi -e LXDE
user pts/0 ::1 22:27 1.00s 0.34s 0.03s w


/var/log/auth.log in localhost has entry like this



Feb 28 22:27:32 localhost sshd[5201]: Accepted password for user from ::1 port 55168 ssh2


Now I want to run fail2ban or csf firewall to block spam IP addresses. So, I want client's actual IP address. How can I do this? Is any iptables NAT rewriting rule helpful?










share|improve this question














bumped to the homepage by Community 2 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
















  • You cannot use failtoban to block IPs and you only see the IP address of the other side of the SSH tunnel...

    – Rui F Ribeiro
    Mar 2 '18 at 19:40













  • @RuiFRibeiro Yes, that's true. I'm asking is there a way to get the client's actual IP instead the IP address of other side of the tunnel's localhost ip ::1?

    – Abhik Bose
    Mar 2 '18 at 19:43






  • 1





    I prefer going in via a VPN and not expose ssh ports to the Internet.

    – Rui F Ribeiro
    Mar 2 '18 at 19:51






  • 1





    Maybe running a tun device and using iptables would be the solution?

    – davidbaumann
    Mar 3 '18 at 8:01














1












1








1








I'm running a test server behind NAT. I've forwarded remote port 2222 from another public IP server (example.com) to port 22 of the server behind NAT (localhost) as follows.



autossh -f -N -i /root/.ssh/id_rsa -R 2222:localhost:22 root@example.com


Now the local ssh server behind NAT getting only ::1 as IP address of all clients irrespective of client's actual IP address.



Output from w in localhost is like this.



 22:27:37 up  8:03,  2 users,  load average: 0.03, 0.03, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user tty7 :0 14:24 8:03m 1.27s 0.33s /usr/bin/lxsession -s LXDE-pi -e LXDE
user pts/0 ::1 22:27 1.00s 0.34s 0.03s w


/var/log/auth.log in localhost has entry like this



Feb 28 22:27:32 localhost sshd[5201]: Accepted password for user from ::1 port 55168 ssh2


Now I want to run fail2ban or csf firewall to block spam IP addresses. So, I want client's actual IP address. How can I do this? Is any iptables NAT rewriting rule helpful?










share|improve this question














I'm running a test server behind NAT. I've forwarded remote port 2222 from another public IP server (example.com) to port 22 of the server behind NAT (localhost) as follows.



autossh -f -N -i /root/.ssh/id_rsa -R 2222:localhost:22 root@example.com


Now the local ssh server behind NAT getting only ::1 as IP address of all clients irrespective of client's actual IP address.



Output from w in localhost is like this.



 22:27:37 up  8:03,  2 users,  load average: 0.03, 0.03, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user tty7 :0 14:24 8:03m 1.27s 0.33s /usr/bin/lxsession -s LXDE-pi -e LXDE
user pts/0 ::1 22:27 1.00s 0.34s 0.03s w


/var/log/auth.log in localhost has entry like this



Feb 28 22:27:32 localhost sshd[5201]: Accepted password for user from ::1 port 55168 ssh2


Now I want to run fail2ban or csf firewall to block spam IP addresses. So, I want client's actual IP address. How can I do this? Is any iptables NAT rewriting rule helpful?







ssh ssh-tunneling port-forwarding






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 2 '18 at 19:38









Abhik BoseAbhik Bose

1,5921 gold badge5 silver badges26 bronze badges




1,5921 gold badge5 silver badges26 bronze badges





bumped to the homepage by Community 2 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 2 hours ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • You cannot use failtoban to block IPs and you only see the IP address of the other side of the SSH tunnel...

    – Rui F Ribeiro
    Mar 2 '18 at 19:40













  • @RuiFRibeiro Yes, that's true. I'm asking is there a way to get the client's actual IP instead the IP address of other side of the tunnel's localhost ip ::1?

    – Abhik Bose
    Mar 2 '18 at 19:43






  • 1





    I prefer going in via a VPN and not expose ssh ports to the Internet.

    – Rui F Ribeiro
    Mar 2 '18 at 19:51






  • 1





    Maybe running a tun device and using iptables would be the solution?

    – davidbaumann
    Mar 3 '18 at 8:01



















  • You cannot use failtoban to block IPs and you only see the IP address of the other side of the SSH tunnel...

    – Rui F Ribeiro
    Mar 2 '18 at 19:40













  • @RuiFRibeiro Yes, that's true. I'm asking is there a way to get the client's actual IP instead the IP address of other side of the tunnel's localhost ip ::1?

    – Abhik Bose
    Mar 2 '18 at 19:43






  • 1





    I prefer going in via a VPN and not expose ssh ports to the Internet.

    – Rui F Ribeiro
    Mar 2 '18 at 19:51






  • 1





    Maybe running a tun device and using iptables would be the solution?

    – davidbaumann
    Mar 3 '18 at 8:01

















You cannot use failtoban to block IPs and you only see the IP address of the other side of the SSH tunnel...

– Rui F Ribeiro
Mar 2 '18 at 19:40







You cannot use failtoban to block IPs and you only see the IP address of the other side of the SSH tunnel...

– Rui F Ribeiro
Mar 2 '18 at 19:40















@RuiFRibeiro Yes, that's true. I'm asking is there a way to get the client's actual IP instead the IP address of other side of the tunnel's localhost ip ::1?

– Abhik Bose
Mar 2 '18 at 19:43





@RuiFRibeiro Yes, that's true. I'm asking is there a way to get the client's actual IP instead the IP address of other side of the tunnel's localhost ip ::1?

– Abhik Bose
Mar 2 '18 at 19:43




1




1





I prefer going in via a VPN and not expose ssh ports to the Internet.

– Rui F Ribeiro
Mar 2 '18 at 19:51





I prefer going in via a VPN and not expose ssh ports to the Internet.

– Rui F Ribeiro
Mar 2 '18 at 19:51




1




1





Maybe running a tun device and using iptables would be the solution?

– davidbaumann
Mar 3 '18 at 8:01





Maybe running a tun device and using iptables would be the solution?

– davidbaumann
Mar 3 '18 at 8:01










1 Answer
1






active

oldest

votes


















0














The SSH protocol messages for opening a TCP forwarding session include the IP address and port of the client which connected to the forwarded port. The OpenSSH ssh utility just logs the information and doesn't do anything else with it:



$ ssh -v -R 2048:localhost:22 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2048, originator ::1 port 49341
^^^^^^^^^^^^^^^^^^^^^^^^^


To do something useful with the information, you'd have to do one of the following:




  • Run ssh in debug mode and capture and parse the relevant debug output.


  • Modify the ssh utility to log the information or otherwise do what you need it to do with the information.

  • Use a different ssh client, or write your own. SSH libraries exist for most modern programming languages.






share|improve this answer
























  • Sounds cumbersome....

    – Rui F Ribeiro
    Mar 2 '18 at 20:23














Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f427758%2fhow-to-get-remote-ip-address-over-a-ssh-remote-port-forwarding-tunnel%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














The SSH protocol messages for opening a TCP forwarding session include the IP address and port of the client which connected to the forwarded port. The OpenSSH ssh utility just logs the information and doesn't do anything else with it:



$ ssh -v -R 2048:localhost:22 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2048, originator ::1 port 49341
^^^^^^^^^^^^^^^^^^^^^^^^^


To do something useful with the information, you'd have to do one of the following:




  • Run ssh in debug mode and capture and parse the relevant debug output.


  • Modify the ssh utility to log the information or otherwise do what you need it to do with the information.

  • Use a different ssh client, or write your own. SSH libraries exist for most modern programming languages.






share|improve this answer
























  • Sounds cumbersome....

    – Rui F Ribeiro
    Mar 2 '18 at 20:23
















0














The SSH protocol messages for opening a TCP forwarding session include the IP address and port of the client which connected to the forwarded port. The OpenSSH ssh utility just logs the information and doesn't do anything else with it:



$ ssh -v -R 2048:localhost:22 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2048, originator ::1 port 49341
^^^^^^^^^^^^^^^^^^^^^^^^^


To do something useful with the information, you'd have to do one of the following:




  • Run ssh in debug mode and capture and parse the relevant debug output.


  • Modify the ssh utility to log the information or otherwise do what you need it to do with the information.

  • Use a different ssh client, or write your own. SSH libraries exist for most modern programming languages.






share|improve this answer
























  • Sounds cumbersome....

    – Rui F Ribeiro
    Mar 2 '18 at 20:23














0












0








0







The SSH protocol messages for opening a TCP forwarding session include the IP address and port of the client which connected to the forwarded port. The OpenSSH ssh utility just logs the information and doesn't do anything else with it:



$ ssh -v -R 2048:localhost:22 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2048, originator ::1 port 49341
^^^^^^^^^^^^^^^^^^^^^^^^^


To do something useful with the information, you'd have to do one of the following:




  • Run ssh in debug mode and capture and parse the relevant debug output.


  • Modify the ssh utility to log the information or otherwise do what you need it to do with the information.

  • Use a different ssh client, or write your own. SSH libraries exist for most modern programming languages.






share|improve this answer













The SSH protocol messages for opening a TCP forwarding session include the IP address and port of the client which connected to the forwarded port. The OpenSSH ssh utility just logs the information and doesn't do anything else with it:



$ ssh -v -R 2048:localhost:22 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2048, originator ::1 port 49341
^^^^^^^^^^^^^^^^^^^^^^^^^


To do something useful with the information, you'd have to do one of the following:




  • Run ssh in debug mode and capture and parse the relevant debug output.


  • Modify the ssh utility to log the information or otherwise do what you need it to do with the information.

  • Use a different ssh client, or write your own. SSH libraries exist for most modern programming languages.







share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 2 '18 at 20:22









KensterKenster

1,5041 gold badge8 silver badges12 bronze badges




1,5041 gold badge8 silver badges12 bronze badges













  • Sounds cumbersome....

    – Rui F Ribeiro
    Mar 2 '18 at 20:23



















  • Sounds cumbersome....

    – Rui F Ribeiro
    Mar 2 '18 at 20:23

















Sounds cumbersome....

– Rui F Ribeiro
Mar 2 '18 at 20:23





Sounds cumbersome....

– Rui F Ribeiro
Mar 2 '18 at 20:23


















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f427758%2fhow-to-get-remote-ip-address-over-a-ssh-remote-port-forwarding-tunnel%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Taj Mahal Inhaltsverzeichnis Aufbau | Geschichte | 350-Jahr-Feier | Heutige Bedeutung | Siehe auch |...

Baia Sprie Cuprins Etimologie | Istorie | Demografie | Politică și administrație | Arii naturale...

Ciclooctatetraenă Vezi și | Bibliografie | Meniu de navigare637866text4148569-500570979m