
ssh remoteforward over multiple hops

I am attempting a multi-hop SSH tunnel that needs to route traffic in both directions. My network config is:

My personal shell is on machineA
machineA can SSH into machineB
machineB can SSH into machineC
machineC is locally connected via ethernet to machineD

There is a service running on machineD wherein machineC sends UDP packets to machineD's portX, and machineD sends its replies via UDP to machineC's portY.

I have successfully done the following:
(from machineA)
ssh machineB
(from resulting shell)
ssh machineC
(from resulting shell)
echo "my command" | nc -u machineD portX #Send command to machineD's service
nc -ul portY #Read the results on machineC's port

I would like to do all of this via tunnels, so that I can run custom scripts directly on machine A to formulate service commands and parse the results. I tried the following in my .ssh config file:

    host machineB
        hostname x.x.x.x
        user username_machineB
        localforward 1234 machineC:22

    host machineC
        hostname localhost
        user username_machineC
        port 1234
        localforward 1235 machineD:portX
        remoteforward 1236 localhost:portY

I thought I could then do the following:
(from machineA)
ssh machineB
(from machineA again)
ssh machineC
(from machineA again)
echo "my command" | nc -u localhost 1235
nc -ul 1236

But...it doesn't seem to work. I don't see any of the expected replies on 1236. I'm not exactly sure how to debug this. I'm also not entirely sure of the format of those "localforward" and "remoteforward" lines on machineC's configuration. I don't know who will be interpreted as "localhost" when evaluating those lines. I suspect that remoteforwarding might be disabled on machineC, but I want to make sure I have configured everything else correctly first. Am I Doing It Wrong?

Alternatively, is there another way to achieve my end goal without having to change any configuration on machineB, C, or D? What I would like to do is use machineA to programmatically construct complex commands intended for machineD, and parse the results using scripts on machineA as well.

You have to think backwards when you are doing this.

So basically machC can talk to machD's portX.

So you really want to run this on machA:

    ssh machC

This is your end goal, since that machine sends and receives from machD.

Now you cannot get to machC directly; this is where your ProxyCommand entries come in.

    host machC
        ProxyCommand ssh machB nc %h %p

So you said machA can ssh to machB no problem. Now if you do:

    ssh -v machC

You'll see it hop through those things. But really you want a port forwarding and listener from machC to the ports on machD so you change the machC settings:

    host machC
        ProxyCommand ssh machB nc %h %p
        # first part is port on your current shell, second part is relative to machC
        LocalForward 1234 machD:portX
        RemoteForward 1235 localhost:portY

So using your example above:

    host machineB
        hostname x.x.x.x
        user username_machineB

    host machineC
        # no "hostname localhost" here: %h in the ProxyCommand must expand to
        # a name that machineB can resolve and reach, not machineB's own loopback
        ProxyCommand ssh machineB nc %h %p
        user username_machineC
        localforward 1235 machineD:portX
        remoteforward 1236 localhost:portY

Then you can use command:

    ssh machineC

Use -v to see the hops and tunnels, and -N if you don't care about getting a shell. Now you can talk to your localhost's port 1235 to send to machineD portX, and read from 1236 to listen to machineC portY.
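A caveat neither post mentions: OpenSSH LocalForward and RemoteForward carry TCP connections only, so datagrams sent with `nc -u` never enter the tunnel. The forwards in the answer above work for a TCP service, but not for the UDP exchange the question describes. (On OpenSSH 7.3 and later, `ProxyJump machineB` does the job of the `ProxyCommand ssh machineB nc %h %p` line.) One way to carry the UDP traffic without changing anything on machineB, C or D is a small relay on each end that frames datagrams into a TCP stream and unframes them on the other side. The following is an added example, not code from the question, the answer or any project: a Python relay with a constructed 2-byte length-prefix framing, a fake stand-in for machineD's service that upper-cases each request, and a `socket.socketpair()` standing in for the ssh forward so the whole path runs in one process. It assumes a single TCP forward carrying both directions (for example `LocalForward 1235 localhost:<relay port on machineC>`) and that the machineC-side relay is started as the ssh remote command; all port numbers are ephemeral and the service behaviour is constructed for the demo.

```python
import socket
import struct
import threading

# An ssh LocalForward/RemoteForward is a TCP byte stream, so each UDP datagram
# is prefixed with its length (constructed framing) to keep message boundaries.
HDR = struct.Struct("!H")
MAX_DGRAM = 65535


def frame(datagram: bytes) -> bytes:
    """Prefix one datagram with a 2-byte big-endian length."""
    if len(datagram) > MAX_DGRAM:
        raise ValueError("datagram exceeds 16-bit length prefix")
    return HDR.pack(len(datagram)) + datagram


def unframe(buf: bytes):
    """Split a stream buffer into complete datagrams; return (datagrams, leftover)."""
    out = []
    while len(buf) >= HDR.size:
        (n,) = HDR.unpack_from(buf)
        if len(buf) < HDR.size + n:
            break  # partial datagram: wait for more bytes
        out.append(buf[HDR.size:HDR.size + n])
        buf = buf[HDR.size + n:]
    return out, buf


def udp_to_tcp(udp_sock, tcp_sock, stop):
    """Relay every datagram arriving on udp_sock into the TCP tunnel."""
    udp_sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, _ = udp_sock.recvfrom(MAX_DGRAM)
        except socket.timeout:
            continue
        tcp_sock.sendall(frame(data))


def tcp_to_udp(tcp_sock, udp_sock, target, stop):
    """Reassemble datagrams from the TCP tunnel and deliver them to target."""
    buf = b""
    tcp_sock.settimeout(0.2)
    while not stop.is_set():
        try:
            chunk = tcp_sock.recv(4096)
        except socket.timeout:
            continue
        if not chunk:
            break  # tunnel closed
        buf += chunk
        dgrams, buf = unframe(buf)
        for d in dgrams:
            udp_sock.sendto(d, target)


def fake_service(svc_sock, stop):
    """Constructed stand-in for machineD's service: replies with the request upper-cased."""
    svc_sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, addr = svc_sock.recvfrom(MAX_DGRAM)
        except socket.timeout:
            continue
        svc_sock.sendto(data.upper(), addr)


def _udp():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # ephemeral port, demo only
    return s


def loopback_demo(command: bytes) -> bytes:
    """Client -> relay A -> 'tunnel' -> relay C -> service, and the reply back."""
    tunnel_a, tunnel_c = socket.socketpair()  # stands in for the ssh forward
    client, relay_a, relay_c, svc = _udp(), _udp(), _udp(), _udp()
    stop = threading.Event()
    threads = [
        threading.Thread(target=fake_service, args=(svc, stop)),
        threading.Thread(target=udp_to_tcp, args=(relay_a, tunnel_a, stop)),
        threading.Thread(target=tcp_to_udp, args=(tunnel_a, relay_a, client.getsockname(), stop)),
        threading.Thread(target=tcp_to_udp, args=(tunnel_c, relay_c, svc.getsockname(), stop)),
        threading.Thread(target=udp_to_tcp, args=(relay_c, tunnel_c, stop)),
    ]
    for t in threads:
        t.start()
    try:
        client.settimeout(5)
        client.sendto(command, relay_a.getsockname())  # like: nc -u localhost 1235
        reply, _ = client.recvfrom(MAX_DGRAM)          # like: nc -ul 1236
        return reply
    finally:
        stop.set()
        for t in threads:
            t.join()
        for s in (tunnel_a, tunnel_c, client, relay_a, relay_c, svc):
            s.close()
```

In a real deployment the machineA-side relay listens on the UDP ports the scripts use (the question's 1235 and 1236) and connects to the forwarded TCP port, while the machineC-side relay connects to machineD's portX and listens on portY; the framing is what makes the page's `nc -u` style exchange survive a TCP-only forward.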
