PuTTY Remote Port Forwarding not connecting - Server refused?

port-forwarding putty sshd

12,576

Solution 1

If you are getting a message indicating the server has disabled port forwarding do you have AllowTCPForwarding no in the SSHD configuration file? The configuration file will likely be /etc/ssh/sshd_config on a Linux SSH server. If you do, change it to AllowTCPForwarding yes and restart the SSH server service.

Did you configure PuTTY to use a SOCKS proxy connection and then configure your browser to use the SOCKS proxy connection? For web access on ports 80 (HTTP) and 443 (HTTPS) that is the way I normally access websites via a tunneled SSH connection.

Solution 2

From the log, you're trying to create a reverse tunnel from the destination of the putty session back through putty and to myserver.com on port 222. I'm a bit confused as to how you would use this to browse the Internet from the PC running putty. So perhaps I'm confused as to what you're trying to do, or how you've set things up. There are several types of VPN, so it would be helpful to name the product or describe the nature of the VPN.

I've seen this specific message when the remote server already had a session listening on the remote port in question - in this case, port 80. However, it is likely to also be a problem if the remote user account you used to login does not have permission to create a socket listening on port 80. Under UNIX and Linux, listening sockets that accept connections on ports below 1024 can only be created by the root user.

Try changing the remote port number from 80 to something like 8080 and see if you continue to get the same error.

12,576

xR34P3Rx

Updated on September 18, 2022

Comments

xR34P3Rx almost 2 years
So I'm at work and we have port 80/443 blocked. I'm trying to get access to the internet via SSH Tunnel. I'm currently connected to a VPN that gives me access to the external network but of course I can't browse. So I'm trying to connect to my SSH Server at home using putty following this tutorial http://anotheritblog.net/2012/11/26/ssh-tunneling-on-windows-with-putty/. My server is listening on port 222 and does have the GatewayPorts yes option configured but PuTTY is telling me it's disabled on my server when it isn't?
```
2016-03-16 11:09:08 Requesting remote port 80 forward to myserver.com:222
2016-03-16 11:09:08 Remote debug message: Server has disabled port forwarding.
2016-03-16 11:09:08 Remote port forwarding from 80 refused
```
Since I'm forwarding port 80 I thought maybe it was a firewall issue on my server so I added this rule to IPTABLES
```
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
```
but this did not resolve the problem. I even changed the GatewayPorts yes to GatewayPorts clientspecified but that also did not resolve the problem. Any ideas?
- Zina over 8 years
  
  Being at a workplace where 80/443 are blocked and you still trying to browse the net? Are you sure you will not breach any company security policy by doing this? If you need access to Internet resources for your work than the company should be able to provide you the needed means to do it.
- xR34P3Rx over 8 years
  
  @Zina by "policy", yes. But then again, they are breaking their own policy because apparently internet permissions is given to user accounts, i dont know how but it is. And my account doesnt have internet access, then on top of that, since internet permissions is given through your account (or login, whatever); the area that im in, we're not supposed to have internet, yet some of my co-workers IN THAT AREA have internet... So the company is breaking its own policy to begin with therefore i dont see the problem.
- Zina over 8 years
  
  Just want to be sure that you don't get yourself fired. And if some of your co-workers have internet access and they really shouldn't have, maybe it would be better to see if this is a security risk as you told the area you are in should not have internet access. And I see a problem - something is definitively wrong there...
- xR34P3Rx over 8 years
  
  there's a lot of things wrong with this company. but i'll try to keep it on the down low. I even have a suspicion that one of the managers doesn't like me. We haven't even talked before but that's off topic,,, Thanks for the concern!
xR34P3Rx over 8 years

nope. its set to yes. Just checked it. Im suspecting it could be that im using a VPN but im not too sure.
xR34P3Rx over 8 years

i will try to do it with SOCKS, thanks for the suggestion. I tried it on my home computer and it seems to be forwarding when i see the event log in putty.
André Laszlo almost 5 years

This is the default setting in Alpine, apparently. I got stuck for way to long on that. Not usually using Putty so I didn't realize there's a log in the Putty context menu under "Event log".