HPE Community
Operating System - Linux
1834935 Members
2479 Online
110071 Solutions
New Discussion

ssh tunnel

 
SOLVED
Go to solution
Piotr Kirklewski
Super Advisor

‎01-27-2011 06:30 AM

‎01-27-2011 06:30 AM

ssh tunnel

Hi there

My network looks like this:

LAPTOP
|
|
INTERNET
|
gateway (nat points to port 80 @ webserver1)
|
|___webserwer1(port 80)
|
|___webserver2 (port 80)

I need to be able to reach the webpages @ webserver2 from my laptop while out of the building and I can ssh to the machine.

I'm building VPN but in the meantime - how to create a ssh tunnel to be able to browse pages on webserver2 ?

Reagrds

Peter
Jesus is the King
0 Kudos
Reply
3 REPLIES 3
Tim Nelson
Honored Contributor

‎01-27-2011 08:26 AM

‎01-27-2011 08:26 AM

Re: ssh tunnel

configure ssh client with X11 forwarding enabled.

ssh to webserver2

start X11 server on laptop

run firefox from server


0 Kudos
Reply
Jimmy Vance
HPE Pro

‎01-27-2011 04:56 PM

‎01-27-2011 04:56 PM

Re: ssh tunnel

ssh -L 80::80 username@webserver2.system


Point your browser to http://localhost to get to the web pages on webserver2
No support by private messages. Please ask the forum! 
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎01-28-2011 04:24 AM

‎01-28-2011 04:24 AM

Solution

Re: ssh tunnel

Since gateway includes NAT, a direct SSH connection from LAPTOP to webserver2 might not be possible.

In that case:

ssh -L 8080:webserver2:80 gateway

Then type this URL to your browser:

http://localhost:8080

The browser will connect to SSH tunnel set up by your SSH client at localhost:8080. The traffic will be passed to sshd on gateway wrapped within the encrypted SSH protocol. On gateway, the sshd makes a regular, unencrypted TCP connection to port 80 of webserver2 and passes the tunneled traffic to it.


If your SSH is not very old, it probably supports dynamic tunneling too.

On LAPTOP, start a dynamic SSH tunnel like this:

ssh -D 8080 gateway

Then configure your web browser to use a SOCKS proxy at localhost, port 8080.

Now all the connections made by your web browser are first tunneled by SSH to gateway, and will proceed from there to their destination. So you can use a regular URL like this:

http://webserver2/

This may make things much easier if the content of webserver2 includes a lot of absolute URLs.

(NOTE: if the IP address of webserver2 is not resolvable by LAPTOP, you may have to use webserver2's IP address instead of the hostname.)

Remember to remove the SOCKS proxy specification from your browser's configuration when you're done, or you'll eventually spend some time wondering why your browser won't work.


If you can directly SSH from LAPTOP to webserver2, you can replace all instances of "gateway" in command examples above with "webserver2".

MK
MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.