Linux – SSH -L local port forwarding with localhost points to wrong pages

linux ssh-tunnel

Sorry if my question is stupid but I can't understand two things. Let's assume I'm doing the example written here:

[…]you wanted to connect from your laptop to http://www.ubuntuforums.org using an SSH tunnel. You would use source port number 8080 (the alternate http port), destination port 80 (the http port), and destination server www.ubuntuforums.org:

ssh -L 8080:www.ubuntuforums.org:80 <host>

Where <host> should be replaced by the name of your laptop.

Q1: What can I actually achieve with this? On the remote server, there is no sshd available, so traffic leaves my PC unencrypted, right? What would I need this for?

Q2: I'm trying to do ssh -L 4444:linuxpl.com:80 localhost. When I enter http://localhost:4444 in my web browser, I can see the internal site of LiteSpeed Web Server. When I try other pages, I can see Apache internal sites. When I try some others, I can see this site's 404 page not found message. Some of them work as expected, though. Why does this happen? How to fix it?

Best Answer

Q1: You wouldn't want to do that. The page is silly in its wording. As you said, the traffic would go from your computer to your computer encrypted, then totally unencrypted to the forum site. They could've explained it by using another computer to forward the traffic, for example to bypass a firewall.

What the tutorial means is "you want to connect to the forum through your laptop from another machine" and then it makes better sense.

Q2: If you open http://localhost:4444/ on your machine, it will make an HTTP request to the forum, but it will tell the forum that you want host localhost, not linuxpl.com. The server will then probably return a default page and not the actual virtual host that you wanted since it's using virtual hosts and localhost does not map to the same site as linuxpl.com.

So all in all, forwarding HTTP traffic through ssh tunnels will not work that easily many times. Forwarding to a proxy somewhere would work a lot better.

To get your browser to send proper headers, you might succeed by setting your hosts file to claim the target address is your machine. This way when the browser is resolving the address, it will connect to your local machine and still tell the HTTP server the proper hostname.

You can try this by adding the line

127.0.0.1        linuxpl.com

to /etc/hosts
