SSH local port forwarding to a website

httpport-forwardingsshssh-tunnel

I was refreshing my memory today on setting up ssh tunnels and I came across several sources that describe forwarding some local port to a website. For example: https://www.techrepublic.com/article/how-to-use-local-and-remote-ssh-port-forwarding

“Open up a terminal window on your client and issue the command:

ssh -L 8080:www.slashdot.org:80 localhost

You will be prompted to enter your user password for the client machine. Essentially, you are connecting, via SSH, back to your client machine, but creating the necessary SSH tunnel to the destination. After you've successfully authenticated against your local account, open up a browser and point it to http://localhost:8080. Your browser should automatically redirect you to Slashdot.”

Only, this doesn’t work if you actually try it. I end up with failed connections, 500 errors, 404 errors, etc. I’ve tried other sites, even non https. What’s the deal?

Best Answer

This technique works, but is not very good for accessing websites since you need to forward a port for each and every domain being accessed. If you load slashdot in chrome and use the developer tools, you can see that when you load slashdot it is actually loading content from at least 21 different domains. If you are only forwarding one domain then you won't see all the content.

Another problem is that you are tunneling to port 80 on a site that is serving content on port 443. If you run "curl -i slashdot.org" you will see that it serves you a 301 redirect to HTTPS. When the browser tries to follow the redirect to HTTPS everything will fail.

You would be better off using ssh as a SOCKS proxy and configuring your browser to use it. You can open a socks proxy on a local port like this:

ssh -D 8080 myhost.com

myhost.com could be "localhost" in your case, but usually is a remote server. Once you have this session open, just go into browser preferences and configure the browser to use a SOCKS v5 proxy pointed at localhost port 8080 (easier to do in firefox than chrome imho). Once that's done the browser will run all of its traffic through the ssh tunnel.

This can be incredibly useful for accessing websites hosted on private networks, or encrypting your data across a network you think is not secure.

Related Solutions

Why isn’t the port forwarding with thesql working on the server

Did you try using

ssh -L 33066:localhost:3306 remotemachine

Please make also sure that inside the mysql privilege system, both 127.0.0.1 and localhost are allowed sources for your database user.

Linux – SSH -L local port forwarding with localhost points to wrong pages

Q1: You wouldn't want to do that. The page is silly in its wording. As you said, the traffic would go from your computer to your computer encrypted, then totally unencrypted to the forum site. They could've explained it by using another computer to forward the traffic, for example to bypass a firewall.

What the tutorial means is "you want to connect to the forum through your laptop from another machine" and then it makes better sense.

Q2: If you open http://localhost:4444/ on your machine, it will make a HTTP requrest to the forum, but it will tell the forum that you want host localhost, not linuxpl.com. The server will then probably return a default page and not the actual virtual host that you wanted since it's using virtual hosts and localhost does not map to the same site as linuxpl.com.

So all in all, forwarding HTTP traffic through ssh tunnels will not work that easily many times. Forwarding to a proxy somewhere would work a lot better.

To get your browser to send proper headers, you might succeed by setting your hosts file to claim the target address is your machine. This way when the browser is resolving the address, it will connect to your local machine and still tell the HTTP server the proper hostname.

You can try this by adding the line

127.0.0.1        linuxpl.com

to /etc/hosts

Best Answer

Related Solutions

Why isn’t the port forwarding with thesql working on the server

Linux – SSH -L local port forwarding with localhost points to wrong pages

Related Question