By keith.brodie
I have an SSH tunneling scheme which works on my local cluster but has connection failures when I try to use it on my Ubuntu droplet. I set up the tunnel in SSH from my local machine like this:
ssh -L 12003:127.0.0.1:12003 NYTrader -N
NYTrader is defined in my config with the droplet IP and user root. That command works apparently - from my droplet:
root@NYTrader:~# ss -tuln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
tcp LISTEN 0 1 0.0.0.0:12003 0.0.0.0:*
tcp LISTEN 0 4096 *:22 *:*
root@NYTrader:~#
I have a script on the droplet sending characters every 2 seconds on 12003.
From my local PC:
telnet 127.0.0.1 12003
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
Why is this connection refused? The tunnel appears to be up?
Accepted Answer
Not sure where I went wrong - but it’s working now. Thanks for the replies
Heya,
The SSH tunneling setup you described should allow you to forward traffic from port 12003 on your local machine to port 12003 on the remote machine (NYTrader). The fact that ss -tuln shows tcp LISTEN 0 1 0.0.0.0:12003 0.0.0.0:* on the remote machine means that the port 12003 is indeed open and listening on all interfaces (0.0.0.0).
However, the connection refused error when you attempt to telnet to 127.0.0.1:12003 on your local machine indicates that the tunnel might not be properly forwarding the traffic or there could be some other issue preventing the connection.
Hey!
Does the telnet 127.0.0.1 12003 command work as expected when you run it on the Droplet itself?
The command you’ve used for the SSH tunnel seems fine, but can you confirm that NYTrader is correctly defined in your SSH config file? It should look something like this:
Host NYTrader
HostName <Droplet_IP>
User root
Port 22
Another thing that you could test out is that there is no firewall rule on your local machine that could be blocking outgoing connections to localhost:12003. You can test that quickly with telnet portquiz.net 12003
Let me know how it goes!
- Bobby
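Added example, not part of the thread: with ssh -L the listening socket for the forward is opened by the ssh client on the local machine, so probing 127.0.0.1:12003 there separates a missing local listener from a forward whose far-end connect fails. The function names, result labels and demo listeners are constructed for illustration.

```python
import socket
import threading

def probe_forward(host="127.0.0.1", port=12003, wait=3.0):
    """Classify the local end of an `ssh -L` forward; wait exceeds the 2 s send interval."""
    try:
        conn = socket.create_connection((host, port), timeout=wait)
    except ConnectionRefusedError:
        # Nothing is bound locally: the ssh client is not running or failed to bind the port.
        return "no-local-listener"
    except OSError:
        return "unreachable"
    with conn:
        try:
            data = conn.recv(64)
        except socket.timeout:
            return "connected-no-data"  # forward is up, the service sent nothing in time
        except ConnectionResetError:
            return "closed-by-forwarder"
    # EOF right after connect: ssh accepted locally, but its connect on the far end failed.
    return "data-received" if data else "closed-by-forwarder"

def demo_listener(payload):
    """Constructed stand-in for the ssh client's listener; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        client, _ = srv.accept()
        if payload:
            client.sendall(payload)
        client.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def unused_port():
    """Constructed case: a loopback port with no listener behind it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print("127.0.0.1:12003 ->", probe_forward())
    print("demo, data sent ->", probe_forward(port=demo_listener(b"x"), wait=1.0))
    print("demo, closed    ->", probe_forward(port=demo_listener(b""), wait=1.0))
```

Run it on the machine where the ssh -L command was started; a "no-local-listener" result corresponds to the "Connection refused" that telnet printed in the question.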