PuTTY dynamic port forwarding with access to localhost ports

port-forwardingputtyssh-tunnel

I want to combine the functionality of two SSH tunnels set up through PuTTY.

The first tunnel is:

PuTTY: L8000 127.0.0.1:8000 (in SSH->Tunnels), and
Firefox: SOCKS (v5) Host:127.0.0.1, Port:8000

This lets me navigate to http://localhost:8000 on my local browser and connect to localhost:8000 on my remote server, which I use to access a web development server on that port.

The second tunnel simply uses PuTTY set to D8000 (with same Firefox settings), which lets me browse the internet at large through my remote server.

The problem is, I want to connect to, say, "google.com" and "localhost:8000" (on the remote server) in the same session. This is mainly because my web development server (tunnel 1) needs access to remote links (e.g. google APIs). I thought the dynamic port forward in tunnel 2 would work but I can no longer reach localhost:8000 on the remote server by navigating to localhost:8000 in the browser.

I have searched far and wide but I cannot find any answer. I suspect it's because the answer is too obvious :/

tunnel 1 PuTTY settings

tunnel 2 PuTTY settings

netstat -nptl output (with development server running)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 23172/python tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 574/sshd tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 572/memcached tcp 0 0 127.0.0.1:38637 0.0.0.0:* LISTEN 27836/firefox tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 27635/Xvfb tcp 0 0 127.0.0.1:5454 0.0.0.0:* LISTEN 812/postgres tcp6 0 0 :::3047 :::* LISTEN 574/sshd tcp6 0 0 :::11211 :::* LISTEN 572/memcached tcp6 0 0 :::6000 :::* LISTEN 27635/Xvfb tcp6 0 0 :::8983 :::* LISTEN 257/java

Best Answer

So you are forwarding 8000 on your local machine to connect to a webserver listening on 127.0.0.1:8000 on your remote machine?

Then you are asking putty to listen on 8000 on your local machine to do the dynamic port forwarding. It won't be able to do both at once.

You could change the dynamic port to something other than 8000 - how about 8001?

So have the Dynamic forward (SOCKS) on 8001, and keep the local port forward from 8000 to 127.0.0.1:8000.

Related Solutions

How to determine the port allocated on the server for a dynamically bound openssh reverse tunnel

If you set the 'LogLevel' in the sshd_config configuration file to DEBUG1 (or any DEBUG level), then sshd will log the port numbers in /var/log/auth.log.

Do remember, that using a LogLevel of DEBUG or higher could be a privacy risk, since much is logged.

(from /var/log/auth.log, removed a few lines to show relevant information)

Jun 24 06:18:24 radon sshd[9334]: Connection from 192.168.13.10 port 39193
Jun 24 06:18:24 radon sshd[9334]: Accepted publickey for lornix from 192.168.13.10 port 39193 ssh2
Jun 24 06:18:24 radon sshd[9334]: pam_unix(sshd:session): session opened for user lornix by (uid=0)
Jun 24 06:18:24 radon sshd[9334]: User child is on pid 9339
Jun 24 06:18:24 radon sshd[9339]: debug1: Local forwarding listening on 0.0.0.0 port 0.
Jun 24 06:18:24 radon sshd[9339]: debug1: Allocated listen port 39813
Jun 24 06:18:24 radon sshd[9339]: debug1: channel 0: new [port listener]
Jun 24 06:18:24 radon sshd[9339]: debug1: Local forwarding listening on :: port 39813.
Jun 24 06:18:24 radon sshd[9339]: debug1: channel 1: new [port listener]
Jun 24 06:18:27 radon sshd[9339]: Received disconnect from 192.168.13.10: 11: disconnected by user

If you follow it through, you can see where you could parse the connection information, and then the forwarded port (39813 in this case)

I used this command line between two of my machines, I do have ssh-key login set up, so no password prompts or delays

-xenon- lornix:~> ssh -R "*:0:radon:22" -N -T radon
Allocated port 39813 for remote forward to radon:22

-N specifies no command is given, and -T stops allocation of a tty for this connection.

Another way to disseminate the port connection information would be to parse it from the client side and send an email, jabber, text msg, smoke signals or pigeon to carry the port # to whomever needs it.

Windows – How to set up HTTP/SOCKS5 tunneling proxy on Windows using freeSSHd

Assuming you mean to access an external SOCKS proxy from windows, here you go. If you meant setting up a SSH server in windows, cygwin can do this with sshd.

In windows, cygwin makes this easy, but if you don't have cygwin already, here are PuTTY instructions.

Set it up like this:
replace port 2222 with 22 or whatever your port for SSH is. Leaving it blank should work too. 22 is the default, but I had it on a non-standard port. Replace 127.0.0.1 here with your actual address.

Setting up puTTY - 1

Here, LEAVE the 127.0.0.1 where it is. It is SUPPOSED to be there. You can change 8080 to whatever port you want the SOCKS proxy on.
Setting up puTTY - 2

Be sure to set the login username to whatever yours is. Mine is 'mobile' on my iphone, which I was using when i made this example for the apple stack exchange. Setting up puTTY - 3

If you want, you can then save a profile for this, to avoid setting it all back up each time you have a problem. This is done in the 'session' section at the very top.

Linux/Unix/BSD/Solaris/OSX/HP-UX/whatever I'm still missing

You can run ssh -D 8080 user@address

Now, you need to open your web browser of choice; I use firefox, so I will use it as an example. I have used chrome and opera, but as I do not like them and do not currently have them installed, I cannot presently use it for an example. But you set it up as a SOCKS proxy, regardless of browser.

These screenshots were done with a forwarded X11, so the fonts are ugly, but pay it no mind.
First, go to the preferences window (tools -> options or edit -> preferences, depending on OS). Then, go to Advanced -> Network -> Settings.... Firefox Configuration 1

Use the following configuration for the browser.
Firefox Configuration 2

Problems and Solutions

Problem:

My app doesn't allow setting a SOCKS proxy.

Solution:

I have had this problem with games like Minecraft. Here's some fixes.
For minecraft, I added a argument to ssh. I regularly play on the nerd.nu reddit minecraft servers (reddit.com/r/mcpublic). Since minecraft 1.6, SSH tunneling and SOCKS proxies set as command line arguments haven't worked. You used to be able to add java parameters -DSocksProxyHost=127.0.0.1 -DSocksProxyPort=8080 and it would work. Now, however, the solution isn't quite as nice, but it does work.

When you start ssh, instead of ssh -D 8080 user@address, do
ssh -D 8080 -L 127.0.0.1:25565:p.nerd.nu:25565 user@address.
Then, when you want to connect to the server, instead add the URL 127.0.0.1:25565 to your list of servers! The remote server will appear on 127.0.0.1/localhost thanks to the miracle of SSH tunneling!

For other programs/games, the same rule applies. If you can't set a SOCKS proxy and nothing else works, just add -L 127.0.0.1:<port>:<remote URL to access>:<remote port>.

There is nothing forcing you to use the same port on 127.0.0.1 that you would normally, so I could have, for example, mapped p.nerd.nu:25565 to 127.0.0.1:1025 and the game wouldn't care as long as I specified the port. Not all programs are so lenient, but it's useful to remember.