Hello, thank you for your quick answer.

You are completely right with this:

> because they die away in case of network errors and reboots

My script contains a reverse SSH tunnel:

[root@lab3 system]# cat /opt/ssh_tunnel.sh
#!/bin/bash
ssh -f -N -R 12345:localhost:22 root@158.216.189.170

So as I understood from your explanation, I can do it in two different ways.

*First way:*
To create a systemd-unit with the path to the existing script:

> [Unit]
> Description=My Service
> After=network.service systemd-networkd.service network-online.target
> [Service]
> Type=oneshot
> *ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh*
> [Install]
> WantedBy=multi-user.target

*Second way:*
To create a systemd-unit with all configuration inside.

> [Unit]
> Description=SSH-Forwarding
> After=network.service systemd-networkd.service network-online.target
> [Service]
> Type=simple
> ExecStart=*/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}*
> Restart=always
> RestartSec=60
> TimeoutSec=30
> CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE
> [Install]
> WantedBy=multi-user.target

But in the First Way I don't see these records:

> Restart=always
> RestartSec=60
> TimeoutSec=30

So that means that my tunnel will die from time to time (because of network failure or something like that).

And I see a difference in this record (I will try to learn about it):

> Type=oneshot
> Type=simple

So this means that the best practice is to use the *Second Way* described by you?

PS: Sorry for double sending

On Wed, Aug 20, 2014 at 4:24 PM, Reindl Harald <h.reindl at thelounge.net> wrote:

>
> On 20.08.2014 at 15:07, Alan Holt wrote:
> > I just installed the newest version of Centos 7 and I am a bit disappointed
> > with the new /etc/rc.local file
> > I found that it's not usable anymore.
> >
> > *[root@lab3 ~]# cat /etc/rc.local*
> > " THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES"
> > It is highly advisable to create own systemd services or udev rules
> > to run scripts during boot instead of using this file.
> >
> > Usually I added my script to /etc/rc.local
> >
> > *[root@lab3 ~]# echo /usr/bin/bash /opt/ssh_tunnel.sh >> /etc/rc.local*
> >
> > And it was working perfectly.
> >
> > What should I do in the new Centos 7, please help
>
> create a systemd-unit?
>
> in general such scripts for port-forwarding are plain crap
> because they die away in case of network errors and reboots
>
> look at the service below, this survives a restart of the
> forwarded remote machine because in case of a failure after
> 60 seconds it executes ExecStart again
>
> and no - don't put multiple forwards in one service
>
> i have a machine with 8 such forwarder-services and they
> are monitored by systemd because one MAINPID
>
> _____________________________________________________________________________
>
> * touch /etc/systemd/system/tunnel.service
> * put the content below in the file
> * systemctl enable tunnel.service
> * systemctl start tunnel.service
>
> [Unit]
> Description=My Service
> After=network.service systemd-networkd.service network-online.target
>
> [Service]
> Type=oneshot
> ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh
>
> [Install]
> WantedBy=multi-user.target
>
> _____________________________________________________________________________
>
> [Unit]
> Description=SSH-Forwarding
> After=network.service systemd-networkd.service network-online.target
>
> [Service]
> Type=simple
> ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
> Restart=always
> RestartSec=60
> TimeoutSec=30
> CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE
>
> [Install]
> WantedBy=multi-user.target
>
> _____________________________________________________________________________
>
> ${REMOTE_HOST} = the machine with the service you want forwarded
> ${LOCAL_ADDRESS} = 127.0.0.1 or your WAN-IP if the port should be
> reachable from your LAN
> ${LOCAL_PORT} = the port on your side
> ${REMOTE_PORT} = the port of the service you want to forward

--
Best regards.
Alex Berber
+9 72 54 285 952 3
www.linuxspace.org <http://www.linuxspace.org/>
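
The differences between the two units discussed in this thread (Type=, Restart=, one forward per service, ssh run directly instead of through a wrapper script) can be checked mechanically. The following is an added example, not code from the thread or from systemd; the finding labels and function names are made up for illustration, and the two sample units are constructed from the units quoted above.

```python
import re
import shlex

# Constructed sample: [Service] section of the "first way" unit.
ONESHOT_UNIT = """\
[Service]
Type=oneshot
ExecStart=/usr/bin/bash /opt/ssh_tunnel.sh
"""

# Constructed sample: [Service] section of the "second way" unit.
SIMPLE_UNIT = """\
[Service]
Type=simple
ExecStart=/usr/bin/ssh -i /home/gateway/.ssh/id_ecdsa gateway@${REMOTE_HOST} -N -C -L${LOCAL_ADDRESS}:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}
Restart=always
RestartSec=60
"""

# ssh options that take no argument; "-f" may be clustered with them (e.g. -fN).
NOARG_FLAGS = re.compile(r"-[46AaCfGgKkMNnqsTtVvXxYy]+")

def service_settings(unit_text):
    """Return key/value pairs of the [Service] section (last value wins)."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def lint_tunnel_unit(unit_text):
    """Return labels for the tunnel-availability problems raised in the thread."""
    s = service_settings(unit_text)
    argv = shlex.split(s.get("ExecStart", ""))
    ssh_direct = bool(argv) and argv[0].rsplit("/", 1)[-1] == "ssh"
    forwards = [a for a in argv if re.match(r"-[LRD]", a)]
    backgrounds = any(NOARG_FLAGS.fullmatch(a) and "f" in a for a in argv)
    checks = [
        (s.get("Type", "simple") != "simple", "type-not-simple"),  # ssh is not the supervised main process
        (s.get("Restart", "no") == "no", "no-restart"),            # a dropped tunnel stays down
        (not ssh_direct, "ssh-hidden-in-wrapper"),                 # the script's ssh flags cannot be inspected
        (len(forwards) > 1, "multiple-forwards"),                  # thread advice: one forward per service
        (backgrounds, "ssh-backgrounds-itself"),                   # -f detaches ssh from the service
    ]
    return [label for failed, label in checks if failed]
```
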