10

Let's assume the following hosts:

  • localhost : my laptop
  • remoteserver : a server with a public IP which runs a SSH server.
  • private.remoteserver : a server with a private IP which is only accessible from remoteserver.

I don't have sudo access to remoteserver, so I can't make changes with the root user.

The question is: Is it possible to access a port on private.remoteserver from remoteserver, in a single command?

I've played around a bit with ssh tunnels without luck. It would like to create an SSH alias to private.remoteserver as described in this article.

For example, I'd like to run from localhost:

curl http://private.remoteserver:8080/

to connect to port 8080 on private.remoteserver. Is this possible?

Improve this question

2 Answers 2

Reset to default
9

You haven't show us what you've tried so far, but something as simple as this should work:

ssh -L 8080:private.remoteserver:8080 remoteserver

Which would then let you run:

curl http://localhost:8080/

...which due to the port forwarding we just set up would actually connect to port 8080 on private.remoteserver.

If you want to be able to directly access http://private.remoteserver:8080/ from your client, you'll need to (a) set up some sort of proxy and (b) configure curl (or other software) to use the proxy. You can set up a SOCKS5 proxy with ssh using the -D option:

ssh -D 1080 remoteserver

And then you can:

curl --socks5-hostname http://private.remoteserver:8080/

Most web browsers (Firefox, Chrome) can also be configured to operate with a SOCKS5 proxy. If you search for "ssh dynamic forwarding" you'll find lots of good documentation, including this article from Ubuntu.

Improve this answer
4
  • Thanks, the command ssh -L 18080:private.remoteserver:8080 -f -N user@remoteserver allows to me to curl on port 18080, but do is there a way to avoid to run 1 command like this (or 1 proxy per service) for each port I want to access on private.remoteserver? Commented Aug 14, 2013 at 13:23
  • Sure, that's what the dynamic proxy is all about. Take a look at the docs I linked to in the answer. Commented Aug 14, 2013 at 13:33
  • Yes, but I have to specify the proxy in all applications. I'd like to create an alias in /etc/hosts and get all traffic to this host fowarded through ssh tunnel. Commented Aug 14, 2013 at 14:46
  • I accept your answer, as it is valid for the question I originely asked. thanks. Commented Aug 14, 2013 at 14:48
4

Actually I solved my problem with sshuttle:

sshuttle --dns -HN -r user@remoteserver

No other proxy configuration required, then I can access any ports of the private IP :

curl http://private:8080/
Improve this answer
0

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.