I have a web server running on a local machine and it is easily accessible to all machines on the LAN. I also have a remote server with a public IP address/URL pointing to it (example.com). I cannot access my local server from outside of my network because I'm stuck behind my ISP's NAT (they won't grant public IP or port forward anything), so I'm trying to configure a reverse SSH tunnel to grant public access.
I am running ssh -R 8080:localhost:80 jemeadows@example.com -i $SSH_KEY -N
on the local server to try to create the tunnel.
Using eLinks on the remote server, I can access 127.0.0.1:8080, and it correctly displays the sites on the local server. However, visiting example.com:8080 in the browser does not show anything. I've tried using local port forwarding to redirect incoming traffic to 127.0.0.1:8080 but that doesn't work. Any other ideas to redirect incoming traffic from a web browser into my SSH tunnel?
Best Answer
-R 8080:localhost:80 is usually not enough. See man 1 ssh [emphasis mine]:

Your tries with 127.0.0.1:8080 on the server indicate the listening socket is bound to the loopback interface. Most likely it is not bound to any other interface.

You need to explicitly specify bind_address or to use * or to use an empty string as bind_address. The option with an empty bind_address looks like this (note the leading :):

Additionally the state of GatewayPorts in the sshd_config on the server is important. From man 5 sshd_config:

To achieve what you want the option must not be no. Note no is the default value, so unspecified GatewayPorts still means no. The value of yes will make -R 8080:localhost:80 work like -R :8080:localhost:80.

I advise GatewayPorts clientspecified in the server config and ssh -R :8080:localhost:80 … on the client.

Possible additional problems:
8080 port coming in from the Internet.
example.com (compare Why does the original site work, but port forwarding to the same site fails?).
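
The interaction between GatewayPorts and the -R bind_address described in the answer above, as an added example that is not part of the original answer: one function predicts where sshd binds the forwarded port, the other checks an actual `ss -tln` listing for listeners reachable beyond loopback. The function names and the sample `ss` output are constructed for illustration, and bind_address is assumed to be a hostname or IPv4 address.

```bash
# effective_bind GATEWAYPORTS RSPEC -> loopback | all | <address>
# GATEWAYPORTS is the server's sshd_config value; RSPEC is the argument to ssh -R.
# Assumption: bind_address is a hostname or IPv4 address (no bracketed IPv6).
effective_bind() {
    local gp=$1 spec=$2 fields bind
    case $gp in
        no)  echo loopback; return ;;   # sshd binds loopback whatever the client asks
        yes) echo all; return ;;        # sshd forces the wildcard address
        clientspecified) ;;             # the client's bind_address decides (below)
        *)   echo "unknown GatewayPorts value: $gp" >&2; return 2 ;;
    esac
    # 3 colon-separated fields = no bind_address, 4 = bind_address present (maybe empty)
    fields=$(printf '%s\n' "$spec" | awk -F: '{print NF}')
    if [ "$fields" -lt 4 ]; then echo loopback; return; fi
    bind=${spec%%:*}
    case $bind in
        ''|'*') echo all ;;
        *)      echo "$bind" ;;
    esac
}

# listener_scope PORT: reads `ss -tln` output on stdin and reports whether PORT is
# reachable only via loopback, on another address, or not listening at all.
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") lo = 1; else pub = 1
        }
        END { print (pub ? "exposed" : (lo ? "loopback-only" : "not-listening")) }'
}

# Constructed samples of `ss -tln` on the server (not captured from a real host).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    [::1]:8080         [::]:*'
SAMPLE_WILDCARD='LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    [::]:8080          [::]:*'

for gp in no yes clientspecified; do
    for spec in 8080:localhost:80 :8080:localhost:80; do
        printf 'GatewayPorts %-15s -R %-19s -> %s\n' "$gp" "$spec" "$(effective_bind "$gp" "$spec")"
    done
done
printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 8080
```

On a live server, `ss -tln | listener_scope 8080` run after the tunnel is up shows which case applies; `loopback-only` matches the symptom in the question.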