SSH Tunneling Web Services Through a Firewall
=============================================

Todd Warner
$Date: 2006-05-12 07:38:58 -0400 (Fri, 12 May 2006) $

Scenario:
---------

I need to be able to browse to a web server (port 80 http or port 443 https) that sits behind a firewall, and that firewall only lets port 22 (ssh) through. The solution is to open an SSH session through port 22 and carry the web traffic inside it: a local port forward links a port on my workstation to port 80 and/or 443 on the remote side.

                                   |f  |
    web                            |i w|                         current
    server   <-- port 22 (ssh) --- |r a| <--- port 22 (ssh) ---  workstation
    192.168.0.2                    |e l|
                                   |  l|
                               IP: 1.2.3.4
                         (the web server's address
                          as seen from the outside)

Solution 1: dead simple direct method
-------------------------------------

The dead simple way to do this is with these commands, run on the "current workstation". They can be run as an ordinary user: the local ports chosen here (20080 and 20443) are above 1023, so root is not needed. NOTE: you have to have an account (password or key) on the remote system to do this.

    ssh -f -N -q joe_user@1.2.3.4 -L 20080:localhost:80
    ssh -f -N -q joe_user@1.2.3.4 -L 20443:localhost:443

Now just browse to http://localhost:20080/ (or https://localhost:20443/) on your current workstation and you will be viewing web services from the web server (1.2.3.4). Expect a certificate warning on the https tunnel: the server's certificate is issued for its own name, not for "localhost".

The way you read that command line is this:

    ssh -f    -- ssh into the box and shove the connection into the background
    -N        -- run no remote command; the session exists only to carry the forward
    -q        -- quiet mode: suppress warnings and diagnostic messages
    joe_user@ -- an account on the remote system
    1.2.3.4   -- the web server's IP address as seen by the outside
    -L        -- LocalForward, i.e. a port on the local machine is forwarded through
                 the SSH connection (as opposed to -R, remote forwarding, which goes
                 the other way)
    20080     -- port on the *local* machine, the "current workstation"
                 (20443 if you need to link to https instead of http)
    localhost -- destination host as resolved by the *remote* machine (localhost as
                 evaluated by the SSH server, in this case the web server). In this
                 example it could also have been 192.168.0.2.
    80        -- the port on the remote machine that your tunnel connects to

By default the forwarded port listens on the workstation's loopback address only, so other hosts on your network cannot ride the tunnel into the web server (unless you give -L an explicit bind address or enable GatewayPorts). Anyone with a login on the workstation can use it, though.

There are more sophisticated ways to do this, but this is dead simple. If you want a more sophisticated way, keep reading. If not, stop right there.
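The Solution 1 command wrapped in a small POSIX shell script, as an added example that is not from the original article: it refuses privileged or malformed local ports, binds the listener to loopback explicitly, makes ssh fail loudly if the local port cannot be bound instead of backgrounding with no forward, and waits for the listener to appear before reporting success. The host 1.2.3.4, user joe_user and the ports are the article's placeholders; the function names and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original article: open the Solution 1
# tunnel from a script, with the checks a practitioner would want.
# 1.2.3.4, joe_user and ports 20080/80 are the article's placeholders;
# DRY_RUN and the function names are this example's own.

# valid_local_port PORT -> 0 if PORT is a number in 1024..65535.
# Ports below 1024 would need root on the workstation, which a tunnel
# does not otherwise require.
valid_local_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 1023 ] && [ "$1" -le 65535 ]
}

# listening_on PORT -> 0 if something on this workstation already listens
# on 127.0.0.1:PORT (uses ss, falling back to netstat).
listening_on() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$1 "
    else
        netstat -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$1 "
    fi
}

# open_tunnel USER HOST LOCALPORT DESTHOST DESTPORT
# Equivalent to the article's
#   ssh -f -N -q USER@HOST -L LOCALPORT:DESTHOST:DESTPORT
# with three additions:
#   127.0.0.1:LOCALPORT       bind the listener to loopback explicitly
#   ExitOnForwardFailure=yes  ssh exits non-zero if LOCALPORT cannot be bound
#                             instead of backgrounding with no forward at all
#   ServerAliveInterval=30    keep an idle tunnel from being dropped by the firewall
# With DRY_RUN=1 the command line is printed instead of executed.
open_tunnel() {
    user=$1 host=$2 lport=$3 dhost=$4 dport=$5
    valid_local_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    set -- ssh -f -N -q -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        -L "127.0.0.1:$lport:$dhost:$dport" "$user@$host"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
        return 0
    fi
    if listening_on "$lport"; then
        echo "port $lport is already in use on this workstation" >&2
        return 1
    fi
    "$@" || return 1
    # ssh has gone to the background; give the listener a moment to appear.
    i=0
    while [ "$i" -lt 5 ]; do
        listening_on "$lport" && return 0
        sleep 1
        i=$((i + 1))
    done
    echo "tunnel to $host did not come up on 127.0.0.1:$lport" >&2
    return 1
}

# Usage (the http and https tunnels from the article):
#   open_tunnel joe_user 1.2.3.4 20080 localhost 80
#   open_tunnel joe_user 1.2.3.4 20443 localhost 443
```

Once open_tunnel returns 0, `curl -sI http://127.0.0.1:20080/` should come back with the web server's response headers; for the 20443 tunnel use https:// and expect a certificate name mismatch, since the certificate names the web server, not localhost.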
More sophisticated:
-------------------

Edit ~/.ssh/config on your current workstation (my laptop on the road for this example):

    ## Updated Linux Laptop .ssh/config ##
    Host web-server
        HostName 1.2.3.4
        # Any account that can log in will do; root is not needed for a tunnel.
        User joe_user
        # NOTE: the 127.0.0.1 after the local port is an address as the
        # *server* sees it. The SSH server resolves the destination, so
        # 127.0.0.1 here is the web server's own loopback, not the laptop's;
        # you have already "ssh'ed in", so to speak. The server's internal
        # IP (192.168.0.2) would work just as well.
        LocalForward 20080 127.0.0.1:80
        LocalForward 20443 127.0.0.1:443

(With no bind address in front of the local port, ssh listens on the laptop's loopback only, unless GatewayPorts is enabled.)

Make the file readable and writable only by you; ssh refuses to use a config file that other users can write to:

    chmod 600 ~/.ssh/config

You then invoke those mappings via:

    ssh -f -N -q web-server

or even just

    ssh web-server

The second form gives you a shell on the server, and the forwards stay up for as long as that session is open.

You can then point your browser locally and away you go:

    http://localhost:20080/   (or https://localhost:20443/)

Hope this was of some help.

Todd Warner