How to get remote IP address over a ssh remote port forwarding tunnel?


I'm running a test server behind NAT. I've forwarded remote port 2222 from another public IP server (example.com) to port 22 of the server behind NAT (localhost) as follows.



autossh -f -N -i /root/.ssh/id_rsa -R 2222:localhost:22 root@example.com


Now the local ssh server behind NAT is getting only ::1 as the IP address of all clients, irrespective of the client's actual IP address.



Output from w in localhost is like this.



 22:27:37 up  8:03,  2 users,  load average: 0.03, 0.03, 0.09
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
user     tty7     :0               14:24    8:03m  1.27s  0.33s /usr/bin/lxsession -s LXDE-pi -e LXDE
user     pts/0    ::1              22:27    1.00s  0.34s  0.03s w


/var/log/auth.log in localhost has an entry like this:



Feb 28 22:27:32 localhost sshd[5201]: Accepted password for user from ::1 port 55168 ssh2


Now I want to run fail2ban or csf firewall to block spam IP addresses. So, I want the client's actual IP address. How can I do this? Is any iptables NAT rewriting rule helpful?


























  • You cannot use fail2ban to block IPs and you only see the IP address of the other side of the SSH tunnel...

    – Rui F Ribeiro
    Mar 2 '18 at 19:40













  • @RuiFRibeiro Yes, that's true. I'm asking: is there a way to get the client's actual IP instead of the IP address of the other side of the tunnel's localhost IP ::1?

    – Abhik Bose
    Mar 2 '18 at 19:43






  • I prefer going in via a VPN and not exposing ssh ports to the Internet.

    – Rui F Ribeiro
    Mar 2 '18 at 19:51






  • Maybe running a tun device and using iptables would be the solution?

    – davidbaumann
    Mar 3 '18 at 8:01


















ssh ssh-tunneling port-forwarding






asked Mar 2 '18 at 19:38









Abhik Bose

1 Answer
The SSH protocol messages for opening a TCP forwarding session include the IP address and port of the client which connected to the forwarded port. The OpenSSH ssh utility just logs the information and doesn't do anything else with it:



$ ssh -v -R 2048:localhost:22 localhost
...
debug1: client_request_forwarded_tcpip: listen localhost port 2048, originator ::1 port 49341
                                                                    ^^^^^^^^^^^^^^^^^^^^^^^^^


To do something useful with the information, you'd have to do one of the following:




  • Run ssh in debug mode and capture and parse the relevant debug output.


  • Modify the ssh utility to log the information or otherwise do what you need it to do with the information.

  • Use a different ssh client, or write your own. SSH libraries exist for most modern programming languages.






























  • Sounds cumbersome....

    – Rui F Ribeiro
    Mar 2 '18 at 20:23














answered Mar 2 '18 at 20:22









Kenster
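The first option in the answer above (capture and parse the debug output) can look like this; it is an added example, not part of the original answer or of OpenSSH. The line format is assumed from the single debug line quoted in the answer, and the sample lines, the documentation-range addresses and the names `Forward`, `parse_forward_line` and `frequent_originators` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from typing import NamedTuple, Optional

# Pattern follows the debug1 line quoted in the answer; the wording may differ
# between OpenSSH versions, so treat it as an assumption and check it locally.
FORWARD_RE = re.compile(
    r"client_request_forwarded_tcpip: listen (?P<lhost>\S+) port (?P<lport>\d+), "
    r"originator (?P<addr>\S+) port (?P<port>\d+)\s*$"
)

class Forward(NamedTuple):
    listen_port: int
    originator: str        # normalised textual IP address
    originator_port: int

def parse_forward_line(line: str) -> Optional[Forward]:
    """Parse one line of `ssh -v` stderr; return None for anything else."""
    m = FORWARD_RE.search(line)
    if m is None:
        return None
    try:
        # The address is reported by the remote sshd: validate before use.
        addr = ipaddress.ip_address(m["addr"])
    except ValueError:
        return None
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4 so one client
    # is not counted under two spellings.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    lport, port = int(m["lport"]), int(m["port"])
    if lport > 65535 or port > 65535:
        return None
    return Forward(lport, str(addr), port)

def frequent_originators(lines, threshold: int) -> dict:
    """Originators seen at least `threshold` times, loopback excluded."""
    counts = Counter()
    for line in lines:
        fwd = parse_forward_line(line)
        if fwd and not ipaddress.ip_address(fwd.originator).is_loopback:
            counts[fwd.originator] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample of `ssh -v -R ...` stderr (addresses are documentation ranges).
SAMPLE = [
    "debug1: client_request_forwarded_tcpip: listen localhost port 2222, originator 203.0.113.7 port 40112",
    "debug1: some unrelated debug line (constructed)",
    "debug1: client_request_forwarded_tcpip: listen localhost port 2222, originator ::ffff:203.0.113.7 port 40118",
    "debug1: client_request_forwarded_tcpip: listen localhost port 2222, originator 2001:db8::5 port 51515",
    "debug1: client_request_forwarded_tcpip: listen localhost port 2222, originator not-an-ip port 1",
    "debug1: client_request_forwarded_tcpip: listen localhost port 2048, originator ::1 port 49341",
]

if __name__ == "__main__":
    for ip, n in frequent_originators(SAMPLE, 2).items():
        print(f"{ip} opened {n} forwarded connections")
```

Feed it the stderr of the `ssh -v -R ...` process that holds the tunnel. The forwarded connections still reach the local sshd from ::1, so any blocking based on these addresses has to be enforced on the public host.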
