Port forwarding in Linux

Hi,

Port forwarding is configured to start a port forwarding daemon when the system first starts up.

Is it possible to allow only particular accounts (rather than everyone) to start this forwarding when they first log in to Linux? Where can I put this port forwarding script?

Tks
AXISHK Asked:

Zephyr ICT Cloud Architect Commented:
What kind of port-forwarding are we talking about?

There's iptables forwarding and there's also IP forwarding, which needs to be enabled because the Linux kernel disables this by default.

IP forwarding can be enabled with this (not permanent):
sysctl -w net.ipv4.ip_forward=1


To change it permanently you need to configure the /etc/sysctl.conf file like so:
net.ipv4.ip_forward = 1


And then do:
sysctl -p /etc/sysctl.conf



There are other ways to do forwarding, kind of ... But I'm not sure what script you're talking about.
0
AXISHK Author Commented:
This is not what I want...

The existing forwarding script is
runuser -l sadm -c 'ssh -fNg -L 3306:localhost:3306 sadm@dmysql01'

This is run when the system is restarted and applies to all users.

I want this for a few users only, is it possible?
0
Zephyr ICT Cloud Architect Commented:
You could add the script to be run at login only for the users that need it, instead of starting it during startup.

Place the script in a folder of the user and add the command to start it in either the file /etc/profile, if that file exists, or, if that file doesn't exist, try ~/.bash_profile, ~/.bash_login, and ~/.profile; the login process goes over these files in that order.
0

AXISHK Author Commented:
Tks.

How to ensure that the script will be ended when the user logs off?
0
Zephyr ICT Cloud Architect Commented:
Use the ~/.bash_logout file to stop the forwarding you've set up during logon.
0
AXISHK Author Commented:
How to ensure that it will only kill those ssh forwarding connections owned by a user? What do I need to add to the following command?

Tks

ps -aux | grep '3306:localhost:3306' | grep -v grep
0
AXISHK Author Commented:
Tried the following but it doesn't work ....

ps -aux | grep `echo $USER` | grep '3306:localhost:3306' | grep -v grep
0
Zephyr ICT Cloud Architect Commented:
You should be able to kill the process by doing what you do ...

Try:
ps aux | grep 3306



Find the PID of the process and kill it (kill -9 <PID>)
0
AXISHK Author Commented:
ps -aux | grep `echo $USER` | grep '3306:localhost:3306' | grep -v grep

The command explicitly lists the ssh forwarding for the current user, but how to redirect the result to kill it?
0
Zephyr ICT Cloud Architect Commented:
You should put that in a script with something like this perhaps:

kill $(ps aux | grep "$USER" | grep '3306:localhost:3306' | grep -v grep | awk '{print $2}')

The awk takes the second field of each line, which should be the PID...
0
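
An added example, not part of the thread: grepping `ps` output for `$USER` matches the name anywhere on the line (root's `runuser -l sadm ...` wrapper, an account called `sadmin`), so this sketch compares the owner column exactly and requires the process itself to be `ssh` with the `-L` spec. The function names are hypothetical, a procps-style `ps` is assumed, and the thread's `-g` flag is left out so the listener binds to loopback only.

```shell
#!/bin/sh
# Added example (not from the thread). SPEC and HOST are the values quoted in
# the thread; tunnel_pids, start_tunnel and stop_tunnel are made-up names.
SPEC='3306:localhost:3306'
HOST='sadm@dmysql01'

# Read "USER PID COMMAND..." lines (as printed by `ps -eo user:32,pid,args`)
# on stdin; print PIDs of ssh clients owned by exactly $1 that forward $2.
tunnel_pids() {
    awk -v user="$1" -v spec="$2" '
        $1 != user         { next }   # exact owner match, not a substring
        $3 !~ /(^|\/)ssh$/ { next }   # skips grep, runuser, sh -c wrappers
        {
            for (i = 4; i < NF; i++)
                if ($i == "-L" && $(i + 1) == spec) { print $2; next }
        }'
}

# Constructed sample of ps output, used to show what the filter rejects.
sample_ps() {
    cat <<'EOF'
USER PID COMMAND
root 900 runuser -l sadm -c ssh -fNg -L 3306:localhost:3306 sadm@dmysql01
sadm 1201 ssh -fNg -L 3306:localhost:3306 sadm@dmysql01
sadmin 1310 /usr/bin/ssh -fN -L 3306:localhost:3306 sadm@dmysql01
sadm 1402 grep 3306:localhost:3306
sadm 1500 ssh -fN -L 8080:localhost:80 sadm@dmysql01
EOF
}

# Call from the ~/.bash_profile of each account that should get the tunnel.
start_tunnel() {
    ps -eo user:32,pid,args | tunnel_pids "$USER" "$SPEC" | grep -q . && return 0
    ssh -fN -L "$SPEC" "$HOST"    # no -g: forwarded port listens on loopback only
}

# Call from the same account's ~/.bash_logout.
stop_tunnel() {
    pids=$(ps -eo user:32,pid,args | tunnel_pids "$USER" "$SPEC")
    [ -z "$pids" ] || kill $pids  # plain TERM; unquoted on purpose (one PID per word)
}
```

Running `sample_ps | tunnel_pids sadm "$SPEC"` prints only the PID of the tunnel that `sadm` owns.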

AXISHK Author Commented:
Tks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.