Comments on: SSH Reverse Tunnel To Access Box Behind Firewall

By: jon

jon — Fri, 29 Oct 2010 04:19:20 +0000

On #1 – no, the 2 aren’t using the same port. You’re routing through an SSH connection, which connects to port 80 on the other side.

I’m not sure I understand question #2.

If you can SSH into the remote server, you can just do this

ssh -D 9999 remote.server.com

Then set up the SOCKS proxy to point to localhost port 9999.

By: pizza

pizza — Thu, 28 Oct 2010 02:58:25 +0000

Sorry, for the questions, but I am really curious d;P… just thinking all the possibilities

1))
base on ur example I assume BOTH SSH and Web Server uses the same port, but I thought that no 2 application can use the same port ?

2))
Is this the Network overview from ur example?
User:9999 –Tunnel 1–> my.home.com:5000 –Tunnel 2–> my.remote.com:22
(User in same network as home server)

or (user is at home server)
my.home.com:5000(redirect to port 9999) –Tunnel 2–> my.remote.com:22

3))
Below is just for my curiosity
if no reverse SSH is made from the remote web server, but u know port 22 is opened. can u still access remote web server ?

Probably not since most of firewall will allow request going out but not for requests coming in from outside of its network ….

By: jon

jon — Fri, 22 Oct 2010 23:08:42 +0000

Hi Pizza.

Command 1 executes from the machine behind firewall.
Command 2 & 3 you execute on your home machine.

You execute command 1 on the machine behind the firewall in order to come back to yourself at home. It opens up port 5000 at home automatically.

It can be done with a 3rd server in the middle – but it’s a pain. It’s why I opened port 22 and pointed it to my home machine.

By: pizza

pizza — Tue, 19 Oct 2010 04:31:04 +0000

oops let me address the PS. part again

Enter the below 3 commands ?
1) From Remote Server (with web content which we want to access):
ssh -R 5000:my.remote.com:22 username1@my.home.com

2) From User – Not in web server (my.remote.com) or SSH server (my.home.com) network
ssh -D 9999 username2@my.home.com -p 5000

3) Proxy Set to:
localhost:9999 or user’s IP:9999

SSH Data:
User:22 –Tunnel 1–>my.home.com:22–Tunnel 2–>my.remote.com:22

my.home.com:don’t really need to use 22 , it will depends on the SSH server

Web Server Content:
User:9999 –Tunnel 1–>my.home.com:5000–Tunnel 2–>my.remote.com:22

By: pizza

pizza — Tue, 19 Oct 2010 04:23:42 +0000

Can u be more specific on the “localhost” ?
1.
ssh -R 5000:localhost:22 username@my.home.com
localhost refers to remote server (my.remote.com)

2.
ssh localhost -p 5000
localhost refers to home server (my.home.com)

3.
ssh -D 9999 username@localhost -p 5000
localhost refers to home server (my.home.com)

Use either one will do

PS. Above assumes user is using the SSH server (my.home.com), how about if u r accessing from a 3rd PC which is not within either of the two network ? (my.home.com / my.remote.com)?

do as below 2 commands ?
From Remote Server (with web content which we want to access):
ssh -R 5000:my.remote.com:22 username@my.home.com

From User – Not in web server (my.remote.com) or SSH server (my.home.com) network
ssh -D 9999 username@localhost -p 5000

sorry, the its kind of complex with the use of “localhost”

Is above description correct ?

By: Vladimir Grichina

Vladimir Grichina — Mon, 06 Sep 2010 16:47:09 +0000

Sometimes when all you need is to make your development web server publicly accessible, localtunnel tool would be handy for you http://www.componentix.com/blog/17

By: Sam S

Sam S — Sun, 07 Mar 2010 23:31:54 +0000

thanks man. this freaken rules.

plus this: http://www.rustyrazorblade.com/2009/09/helpful-guide-for-setting-up-sshfs-on-mac/

i can work from home using proper tools!