Ssh – Tunnel HTTP traffic over ssh

ssh-tunneling

Here's my setup. I have a private network with one public IPv4 address. On this private network, I have two servers, 192.168.1.10 and 192.168.1.20. .10 is my ssh bastion host. I have set up port forwarding so that I can ssh to this server from the internet. I have also set up my ssh config on my workstation so that I can ssh to 192.168.1.20 from the internet as well, via 192.168.1.10. Workstation is not on the private network, it is a machine on the internet.

Here is my goal: I want to be able to connect to an http service on 192.168.1.20 via internet, from my workstation, (just by hitting localhost:8080 or similar) but tunneled over ssh. What tunnel(s) do I need to set up, and on what machines?

Thanks!

Best Answer

From your workstation set up tunneling via:

ssh -L8080:192.168.1.20:80 server10

Where "server10" is the public name you use to reach 192.168.1.10.

This will listen locally on port 8080 and forward any data to 192.168.1.20:80 from the target host.

An alternative is using the -D option for ssh for setting up a socks proxy. This will allow you to reach each port on each host, but you have to configure your application to use that proxy.

Related Solutions

SFTP – How to Use SFTP Over Reverse SSH Tunnel

First, this is a prerequesite (at least for me): Remote desktop over SSH reverse tunnel to replace TeamViewer

The reverse SSH tunnel looks like this:

laptop(SFTP client)--->nat--->middleman<--nat<--desktop(SFTP server)

On laptop edit ~/.ssh/config and add this:

Host SftpToDesktop
  HostName localhost
  Port %p
  User admin
  PasswordAuthentication no
  IdentityFile ~/.ssh/my_id_rsa

Then, with an existing SSH leg from laptop to middleman established already (as per above link), do the following:

$ ssh -fNL 1234:localhost:1234 -i ~/.ssh/some_id_rsa admin@middleman.com

Finally, open Dolphin (if using KDE like me) and enter this location:

sftp://SftpToDesktop:1234

Ssh – Run X clients over multi-hop ssh tunnel

Lets suppose that you have the following topology:

Work -> Firewall (port forwarding) -> Server -> Target.

If your problem is that you are not getting the X11 on Target because you are doing ssh -X Server and then inside Server you are doing ssh -X Target this might work for you.

ssh allows you to forward ports too. You can use a ssh connection to get a remote port mapped in a local port. For example to access Target one can:

Map the port 22 on Target to a local port 20000 using the Server connection (keep this connection open or use -Nf option).

ssh -L20000:Target:22 Server

Then connect to Target using this mapped port.

ssh -p 20000 -X localhost

Best Answer

Related Solutions

SFTP – How to Use SFTP Over Reverse SSH Tunnel

Ssh – Run X clients over multi-hop ssh tunnel

Related Question