1

Sorry if my question is stupid, but I can't understand two things. Let's assume I'm doing the example written here:

[...]you wanted to connect from your laptop to http://www.ubuntuforums.org using an SSH tunnel. You would use source port number 8080 (the alternate http port), destination port 80 (the http port), and destination server www.ubuntuforums.org:

ssh -L 8080:www.ubuntuforums.org:80 <host>

Where <host> should be replaced by the name of your laptop.

Q1: What can I actually achieve with this? On the remote server, there is no sshd available, so traffic leaves my PC unencrypted, right? What would I need this for?

Q2: I'm trying to do ssh -L 4444:linuxpl.com:80 localhost. When I enter http://localhost:4444 in my web browser, I can see an internal site of LiteSpeed Web Server. When I try other pages, I can see Apache internal sites. When I try some others, I can see this site's 404 page not found message. Some of them work as expected, though. Why does this happen? How do I fix it?

1
  • 1
    We're not a forum, so to make this usable for future visitors: please ask one question per question.
    – Arjan
    Commented Dec 12, 2015 at 12:10

2 Answers

1

Q1: You wouldn't want to do that. The page is silly in its wording. As you said, the traffic would go from your computer to your computer encrypted, then totally unencrypted to the forum site. They could've explained it by using another computer to forward the traffic, for example to bypass a firewall.

What the tutorial means is "you want to connect to the forum through your laptop from another machine" and then it makes better sense.

Q2: If you open http://localhost:4444/ on your machine, it will make an HTTP request to the forum, but it will tell the forum that you want host localhost, not linuxpl.com. The server will then probably return a default page and not the actual virtual host that you wanted since it's using virtual hosts and localhost does not map to the same site as linuxpl.com.

So all in all, forwarding HTTP traffic through ssh tunnels will not work that easily many times. Forwarding to a proxy somewhere would work a lot better.

To get your browser to send proper headers, you might succeed by setting your hosts file to claim the target address is your machine. This way when the browser is resolving the address, it will connect to your local machine and still tell the HTTP server the proper hostname.

You can try this by adding the line

127.0.0.1        linuxpl.com

to /etc/hosts

5
  • The page isn’t “silly”. It doesn’t say localhost but host. This is a completely valid and universally applicable tutorial.
    – Daniel B
    Commented Dec 12, 2015 at 12:58
  • @DanielB It could be worded better. Now it explains how to connect from your laptop to somewhere else, host being the laptop. Then they tell to connect to localhost. So there is only one machine. Therefore the tunneling doesn't really achieve anything. This in my mind is silly. If it explained how to tunnel through a third machine, it would be usable. Also it does nothing to explain that this tunneling won't even work for virtual hosts, as the OP noticed. Commented Dec 12, 2015 at 13:01
  • No. The whole tutorial is built around the fact that laptop is a machine you can connect to. Nowhere does it say it’s the same machine. It could be, of course, but again: It’s just a tutorial for learning the command syntax.
    – Daniel B
    Commented Dec 12, 2015 at 13:05
  • @DanielB It says "connect from your laptop to ubuntuforums.org using an SSH tunnel", which means you are on the laptop and you want to connect from there using a tunnel. It does not say "connect through your laptop", or explain why it's even talking about laptop. It's the wording that is silly. It should say "you want to connect from machine A to website X using a tunnel through machine B" and it would be non-silly. And add the mention about HTTP protocol not being happy about it usually. Commented Dec 12, 2015 at 13:07
  • @user532872 Added a way to achieve that with hosts file Commented Dec 12, 2015 at 13:15
0

Q1: I was using this in an environment where you do not have contact with the internet. Imagine you are running your laptop in a network that does not allow connections to the outside world, but there is a single machine that is allowed to connect both to the outside world and the network where your laptop is. So to be able to browse you will need to ssh to this machine, so that your internet traffic enters the outside network through the authorized machine.

The connection goes something like this: When you type http://localhost:4444 the ssh will pick up the request, and send it to the host, that then will send it to linuxpl.com:80. The connection between your laptop and the host is encrypted by ssh, the connection between the host and the internet is not encrypted, i.e. the ssh only forwards and encrypts messages between your two machines.

Q2: Don't really understand what is the problem, but ssh -L 4444:linuxpl.com:80 localhost does not really make sense... as you are tunneling between your machine and your machine...

2
  • Yes, but that's exactly what the site I linked above proposes. That's why I'm asking what's the point of doing that and why it won't work for some sites. The example you provided is different, it includes 3rd machine in game and assumes it's running sshd.
    – user532872
    Commented Dec 12, 2015 at 12:29
  • Site says host, not localhost
    – berserck
    Commented Jan 6, 2016 at 10:46
