Reminder: HOWTO tunnel http using ssh…

July 16, 2010 | Security | By: Mark VandeWettering

I have a couple of devices at home that provide http servers on my local network. I have them tucked nicely behind my firewall so that they are not accessible from the outside, but occasionally, I would like to log in to them to perform some reconfiguration or the like. This is where ssh comes to the rescue: you can use it to create a secure tunnel, a port that I can connect to on my local machine that gets routed to my remote machine through my firewall.

The problem is, I can never remember the command, and it takes me a few minutes of thought to reconstruct it. So, I thought I’d write it down here so I’d remember.

The basic command is:

ssh -f mylogin@myserver.com -L 20000:192.168.1.132:80 -N

When I enter http://localhost:20000 on my machine, it’s as if I were accessing the web page on 192.168.1.132 on my local network. Very useful.
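The command above wrapped in a small script, as an added example that is not part of the original post: it validates its arguments so none can be read as an ssh option, binds the local listener to 127.0.0.1 explicitly, and sets ExitOnForwardFailure so that -f does not leave a background ssh without a working forward. The function names and the argument order are assumptions made for this example.

```sh
#!/bin/sh
# Added example: wrapper for the post's "ssh -f ... -L ... -N" command.
# valid_port, valid_name, tunnel_cmd and open_tunnel are hypothetical names.

# A TCP port is a decimal integer in 1..65535 (no sign, no leading zero).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Reject empty values, values starting with "-" (ssh would parse them as
# options) and anything outside a conservative host / user@host alphabet.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
}

# Print the ssh command for: localhost:LPORT -> THOST:TPORT via GATEWAY.
tunnel_cmd() {
    lport=$1 gateway=$2 thost=$3 tport=${4:-80}
    valid_port "$lport" && valid_port "$tport" || return 2
    valid_name "$gateway" && valid_name "$thost" || return 2
    # 127.0.0.1: an explicit bind address keeps the listener on loopback
    # regardless of the client's GatewayPorts setting.
    # ExitOnForwardFailure=yes: exit with an error if the local port cannot
    # be bound, instead of backgrounding an ssh that forwards nothing.
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$thost" "$tport" "$gateway"
}

# Validate, show and run the tunnel command.
open_tunnel() {
    cmd=$(tunnel_cmd "$@") || {
        echo "usage: $0 LOCAL_PORT USER@GATEWAY TARGET_HOST [TARGET_PORT]" >&2
        return 2
    }
    echo "running: $cmd" >&2
    # Word splitting is safe here: validation admits no whitespace,
    # glob characters or shell metacharacters.
    $cmd
}

# Example: ./httptunnel.sh 20000 mylogin@myserver.com 192.168.1.132 80
if [ "$#" -ge 3 ]; then open_tunnel "$@"; fi
```
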

Comments

Comment from dmeon
Time 7/16/2010 at 11:21 am

I use this on my laptop so I can find it in case it’s stolen. Whenever my laptop can connect to the internet, it connects to my server and opens up a port there. I can then SSH to the server and connect to my laptop.

This allows me to delete files, take pictures of the bastard who stole it, and maybe even trace its location.

Comment from Ricardo – CT2GQV
Time 7/17/2010 at 5:14 am

You can use “openvpn” or any other vpn daemon and build a tunnel from a remote site to your local network, that way you could have access to all the services running on the machines in a more transparent way and not having to remember which port is forward…

Comment from Karl-Martin Skontorp
Time 7/18/2010 at 11:58 am

Another approach, halfway between a proper VPN and simple port forwarding is to use the built-in SOCKS proxy in ssh. Just look up the -D switch. Most web clients, and some other applications (like Spotify), support this.

Comment from Steve VanDevender
Time 7/20/2010 at 6:06 pm

I second the recommendation for using the “-D” SOCKS proxy option available in more recent ssh versions for tunnelling browser sessions. It’s much more flexible than simple port forwarding and works better with SSL web sites. (We can also thank our old friend David Koblas for creating the original SOCKS protocol.)

Comment from Patrick
Time 7/20/2010 at 11:18 pm

For commands you need occasionally and often forget, I recommend writing a small shell script which can just be called instead of looking up the parameters every time. HTH