tl;dr? Use ssh -g …
.
I assume the command you're using is like
ssh -L 1234:server:5678 ssh_server
This will listen on 127.0.0.1:1234
(IPv4) and [::1]:1234
(IPv6) on the local side. Local connections to any of these addresses will reach server:5678
from the ssh_server
. Other computers on your LAN cannot reach the tunnel because 127.0.0.1
and [::1]
are loopback addresses; for any machine they mean the machine itself.
To make your tunnel available to other computers, bind it to an address they can reach. Let's say 192.168.0.14
is a valid address of the client that runs ssh
; bind to it:
ssh -L 192.168.0.14:1234:server:5678 ssh_server
or to all available addresses (pick one command):
ssh -L 0.0.0.0:1234:server:5678 ssh_server # IPv4
ssh -L [::]:1234:server:5678 ssh_server # IPv6
ssh -L 0.0.0.0:1234:server:5678 -L [::]:1234:server:5678 ssh_server # IPv4 and IPv6
The latter most "open" tunnel can also be created with -g
. From man 1 ssh
:
-g
Allows remote hosts to connect to local forwarded ports.
-g
is equivalent to -o GatewayPorts=yes
and to GatewayPorts yes
setting in ssh_config
file. This excerpt from man 5 ssh_config
explains it even better:
GatewayPorts
Specifies whether remote hosts are allowed to connect to local forwarded ports. By default, ssh(1)
binds local port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that ssh
should bind local port forwardings to the wildcard address, thus allowing remote hosts to connect to forwarded ports. The argument must be yes
or no
. The default is no
.
So:
ssh -g -L 1234:server:5678 ssh_server
Notes:
- Don't forget to open the chosen port in your firewall.
- You may find
autossh
useful…
- … along with
ExitOnForwardFailure
option of ssh
(explained in man 5 ssh_config
).
- In general a HTTP server may reject URLs it doesn't consider as its own. You said
localhost:port
works in your browser. In case URLs like http://192.168.0.14:1234
don't work despite the tunnel, check the server setup.
Additional resources: