port forwarding in linux


Port forwarding is configured to start a port forwarding daemon when the system first starts up.

Is it possible to allow only particular accounts (rather than everyone) to start this forwarding when they first log in to Linux? Where can I put this port forwarding script?


Zephyr ICTCloud ArchitectCommented:
What kind of port-forwarding are we talking about?

There's iptables forward and there's also IP forward, which needs to be enabled because the Linux kernel disables this by default.

IP forward can be enabled with this (not permanent)
sysctl -w net.ipv4.ip_forward=1


To change it permanently you need to configure the /etc/sysctl.conf file like so:
net.ipv4.ip_forward = 1


And then do
sysctl -p /etc/sysctl.conf


There are other ways to do forwarding, kind of ... But I'm not sure what script you're talking about.
AXISHKAuthor Commented:
This is not what I want...

The existing forwarding script is
runuser -l sadm -c 'ssh -fNg -L 3306:localhost:3306 sadm@dmysql01'

This is run when the system is restarted and applies to all users.

I want this for a few users only; is it possible?
Zephyr ICTCloud ArchitectCommented:
You could add the script to be run at login only for the users that need it, instead of starting it during startup.

Place the script in a folder of the user and add the command to start it in either the file /etc/profile, if that file exists, or, if that file doesn't exist, try ~/.bash_profile, ~/.bash_login, and ~/.profile; the login process goes over these files in that order.

AXISHKAuthor Commented:
How to ensure that the script will be ended when the user logs off?
Zephyr ICTCloud ArchitectCommented:
Use the ~/.bash_logout file to stop the forwarding you've set up during logon.
AXISHKAuthor Commented:
How to ensure that it will only kill those ssh forwarding connections owned by a user? What do I need to add to the following command?


ps -aux | grep '3306:localhost:3306' | grep -v grep
AXISHKAuthor Commented:
Tried the following but it doesn't work ...

ps -aux | grep `echo $USER` | grep '3306:localhost:3306' | grep -v grep
Zephyr ICTCloud ArchitectCommented:
You should be able to kill the process by doing what you do ...

ps aux | grep 3306


Find the PID of the process and kill it (kill -9 <PID>)
AXISHKAuthor Commented:
ps -aux | grep `echo $USER` | grep '3306:localhost:3306' | grep -v grep

The command explicitly lists the ssh forwarding for the current user, but how to redirect the result to kill it?
Zephyr ICTCloud ArchitectCommented:
You should put that in a script with something like this perhaps:

kill $(ps aux | grep "$USER" | grep '3306:localhost:3306' | grep -v grep | awk '{print $2}')

The awk takes the second field of each line, which should be the PID...
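An added example, not part of the thread: a logout helper that selects tunnel processes by exact numeric owner and by the ssh command itself, because `grep $USER` also matches the `sadm@dmysql01` argument in other users' tunnels. The function names and the sample `ps` lines (UIDs, PIDs) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. FORWARD is the thread's forward spec.
FORWARD='3306:localhost:3306'

# Read "UID PID ARGS..." lines on stdin (the format of `ps -eo uid=,pid=,args=`)
# and print the PIDs of ssh processes owned by uid $1 that carry forward spec $2.
own_tunnel_pids() {
    local want_uid=$1 spec=$2 uid pid args cmd
    while read -r uid pid args; do
        [ "$uid" = "$want_uid" ] || continue     # exact owner match, not a substring
        cmd=${args%% *}                           # first word of the command line
        [ "${cmd##*/}" = ssh ] || continue        # only ssh itself, never grep or an editor
        case " $args " in
            *" $spec "*) printf '%s\n' "$pid" ;;  # spec must be a whole argument
        esac
    done
}

# For ~/.bash_logout: send TERM only to the caller's own tunnels.
stop_own_tunnels() {
    local pids
    pids=$(ps -eo uid=,pid=,args= | own_tunnel_pids "$(id -u)" "$FORWARD")
    [ -z "$pids" ] || kill $pids                  # unquoted on purpose: one PID per word
}

# Constructed sample of `ps -eo uid=,pid=,args=` output (not real data).
# Line 2 belongs to another user but still contains "sadm"; line 3 is a grep;
# line 4 forwards a different local port.
sample_ps() {
    cat <<'EOF'
 1001  4101 ssh -fNg -L 3306:localhost:3306 sadm@dmysql01
 1002  4202 ssh -fNg -L 3306:localhost:3306 sadm@dmysql01
 1001  4303 grep 3306:localhost:3306
 1001  4404 ssh -fN -L 13306:localhost:3306 sadm@dmysql01
EOF
}
```

Call `stop_own_tunnels` from `~/.bash_logout`. Limiting who starts the tunnel does not limit who can use it: the listening port accepts connections from any local user, and `-g` in the thread's command also opens it to other hosts.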
