Tunnelling SSH though a firewall with ssh -L
Here’s a little tip on how to tunnel ssh through another machine with the -L option. While not terribly difficult, I did spend some time figuring this out…Maybe this will save someone else some time ;-)
The network setup at work (simplified):
[ Workstation ] | | [ Firewall ] | | ~ The Internet ~ | | [Public webserver]
There has to be an easier way … And a look at the SSH manpage provided the answer: The -L option.
Excerpt from From ssh(1):
-L [bind_address:]port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address.
$ ssh -f -N -p 22 username@firewall -L 2844/webserver.example.com/22
You can now connect with ssh, sftp, or scp though localhost:2844
$ ssh -p 2844 myusername@localhost $ scp -P 2844 file.tar.gz myusername@localhost:file.tar.gz
For debugging, don’t forget you can specify -v up to three times to get more information about what’s going on. In addition, it’s probably best to test with telnet since this excludes things like authentication problems.
$ telnet localhost 2844 Trying ::1... Connected to localhost. Escape character is '^]'. SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
As a free complimentary bonus tip, it’s also very easy to setup a convenient shortcut in ~/.ssh/config
Host webserver Hostname localhost Port 2844 User myusername
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Needs for a firewall||milo974||OpenBSD Security||1||31st December 2009 03:00 PM|
|PF firewall||bsdnewbie999||OpenBSD General||3||28th April 2009 12:35 PM|
|Firewall routing||Magoo||FreeBSD General||9||4th November 2008 04:39 PM|
|firewall for 2 adsl||milo974||OpenBSD General||2||13th October 2008 05:03 PM|
|Web GUI for firewall ?||giga||FreeBSD General||6||8th May 2008 05:10 AM|