DaemonForums  

Go Back   DaemonForums > Miscellaneous > Guides

Guides All Guides and HOWTO's.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 13th November 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,062
Thanked 198 Times in 156 Posts
Default Tunnelling SSH though a firewall with ssh -L

Here’s a little tip on how to tunnel ssh through another machine with the -L option. While not terribly difficult, I did spend some time figuring this out…Maybe this will save someone else some time ;-)

The network setup at work (simplified):

Code:
    [ Workstation ]
          |
          |
     [ Firewall ]
          |
          |
   ~ The Internet ~
          |
          |
   [Public webserver]
The problem is connecting to public webserver from my workstation, I had to first ssh or sftp to the Linux firewall, and from that to the webserver.

There has to be an easier way … And a look at the SSH manpage provided the answer: The -L option.

Excerpt from From ssh(1):

Code:
       -L [bind_address:]port:host:hostport
               Specifies that the given port on the local (client) host is to be
               forwarded to the given host and port on the remote side.  This
               works by allocating a socket to listen to port on the local side,
               optionally bound to the specified bind_address.
Let me just give you an example on how to create the tunnel:

Code:
  $ ssh -f -N -p 22 username@firewall -L 2844/webserver.example.com/22
To briefly explain what the other options mean:
  • -f Runs the tunnel in the background.
  • -N Don't execute a login command, just setup the tunnel.
  • -p Connect to the firewall on port 22

You can now connect with ssh, sftp, or scp though localhost:2844

Code:
  $ ssh -p 2844 myusername@localhost
  $ scp -P 2844 file.tar.gz myusername@localhost:file.tar.gz
Note that ssh(1) requires -p and scp(1) -P.

Testing
For debugging, don’t forget you can specify -v up to three times to get more information about what’s going on. In addition, it’s probably best to test with telnet since this excludes things like authentication problems.

Code:
  $ telnet localhost 2844
  Trying ::1...
  Connected to localhost.
  Escape character is '^]'.
  SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
If you don’t see the last line, something is wrong.

Bonus tip
As a free complimentary bonus tip, it’s also very easy to setup a convenient shortcut in ~/.ssh/config

Code:
  Host webserver
  	Hostname localhost
  	Port 2844
  	User myusername
Further reading
ssh(1)
ssh_config(5)
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Tags
ssh, tunnel

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Needs for a firewall milo974 OpenBSD Security 1 31st December 2009 03:00 PM
PF firewall bsdnewbie999 OpenBSD General 3 28th April 2009 12:35 PM
Firewall routing Magoo FreeBSD General 9 4th November 2008 04:39 PM
firewall for 2 adsl milo974 OpenBSD General 2 13th October 2008 05:03 PM
Web GUI for firewall ? giga FreeBSD General 6 8th May 2008 05:10 AM


All times are GMT. The time now is 01:07 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick