PuTTY Remote Port Forwarding not connecting - Server refused?
So I'm at work and we have port 80/443 blocked. I'm trying to get access to the internet via SSH Tunnel. I'm currently connected to a VPN that gives me access to the external network but of course I can't browse. So I'm trying to connect to my SSH Server at home using putty following this tutorial http://anotheritblog.net/2012/11/26/ssh-tunneling-on-windows-with-putty/. My server is listening on port 222 and does have the GatewayPorts yes
option configured but PuTTY is telling me it's disabled on my server when it isn't?
2016-03-16 11:09:08 Requesting remote port 80 forward to myserver.com:222
2016-03-16 11:09:08 Remote debug message: Server has disabled port forwarding.
2016-03-16 11:09:08 Remote port forwarding from 80 refused
Since I'm forwarding port 80 I thought maybe it was a firewall issue on my server so I added this rule to IPTABLES
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
but this did not resolve the problem. I even changed the GatewayPorts yes
to GatewayPorts clientspecified
but that also did not resolve the problem. Any ideas?
Solution 1:
If you are getting a message indicating the server has disabled port forwarding do you have AllowTCPForwarding no
in the SSHD configuration file? The configuration file will likely be /etc/ssh/sshd_config
on a Linux SSH server. If you do, change it to AllowTCPForwarding yes
and restart the SSH server service.
Did you configure PuTTY to use a SOCKS proxy connection and then configure your browser to use the SOCKS proxy connection? For web access on ports 80 (HTTP) and 443 (HTTPS) that is the way I normally access websites via a tunneled SSH connection.
Solution 2:
From the log, you're trying to create a reverse tunnel from the destination of the putty session back through putty and to myserver.com on port 222. I'm a bit confused as to how you would use this to browse the Internet from the PC running putty. So perhaps I'm confused as to what you're trying to do, or how you've set things up. There are several types of VPN, so it would be helpful to name the product or describe the nature of the VPN.
I've seen this specific message when the remote server already had a session listening on the remote port in question - in this case, port 80. However, it is likely to also be a problem if the remote user account you used to login does not have permission to create a socket listening on port 80. Under UNIX and Linux, listening sockets that accept connections on ports below 1024 can only be created by the root user.
Try changing the remote port number from 80 to something like 8080 and see if you continue to get the same error.