0

Currently I have a docker image running Alpine Linux inside a private network. I have root access to that docker image.

On the same private network, there is a database instance. Only systems on the same network can access the database (e.g. the aforementioned docker image).

Right now, to debug things inside the DB, I have to SSH to the docker image and then run command line tools from inside that docker image. That is quite complicated.

Is there a way for me to connect to that database using development tools on my local PC instead? I am not sure if the term for this is port-forward or proxying.

2
  • This doesn't make much sense to me. Why are you using SSH to access the docker image then in turn accessing the database on the private network? Is your "local PC" not on that network? Commented Mar 15, 2021 at 8:14
  • The connection to docker is over a remote channel. The docker image and databases are in a private network, remotely (like AWS VPC)
    – qkhanhpro
    Commented Mar 15, 2021 at 8:16

1 Answer

3

I assume you connect like this:

ssh user@docker

You need -L:

ssh -L port1:server:port2 user@docker

where server:port2 is the address and the port of the database as seen from the docker container (this address will be resolved there).

Your local ssh will listen locally on the TCP port port1. You choose the port.

Now connect from the local computer to localhost:port1 (or 127.0.0.1:port1) and the connection will reach server:port2 from docker. The server machine will see it coming from docker. This is called "local port forwarding".

This way a local tool can reach the remote database. The tool needs to connect to localhost:port1.

Notes:

  • This only works for TCP, not UDP.
  • Other machines in your local network will not be able to use your local computer as a relay to reach the database. This is probably how you want it. If not then check this question: Can I use SSH to serve a tunneled resource on a local network?
  • Use ssh -N … to establish a tunnel without executing a remote command.
  • Use autossh to automate this.
  • Ports with numbers below 1024 are privileged. As a regular user you cannot bind to such a port. Choose port1 accordingly.
  • The setting AllowTcpForwarding in sshd_config on the SSH server (docker in your case) can be used to disallow port forwarding. The default is to allow, so it will probably work out of the box.
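
The script below is an added example, not part of the original answer: it builds the -L argument bound explicitly to 127.0.0.1 (so the forward stays local-only even if GatewayPorts is enabled in the client configuration), applies the privileged-port rule from the notes, and starts the tunnel with -N. The function names, user@docker, db.internal and the port numbers are assumed placeholders; hostnames are limited to letters, digits, dots and hyphens (no IPv6 literals).

```shell
#!/bin/sh
# Added example: loopback-only SSH local port forward to a database that is
# reachable only from the jump host. All names and ports are placeholders.

# is_port N: succeed if N is a decimal integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LOCAL_PORT DB_HOST DB_PORT
# Prints "127.0.0.1:LOCAL_PORT:DB_HOST:DB_PORT" for ssh -L, or fails.
forward_spec() {
    lport=$1 dbhost=$2 dbport=$3
    is_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
    is_port "$dbport" || { echo "bad database port: $dbport" >&2; return 2; }
    # Ports below 1024 are privileged; a regular user cannot bind them.
    if [ "$lport" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
        echo "port $lport is privileged; choose 1024 or higher" >&2
        return 3
    fi
    # Refuse empty hosts, hosts starting with '-', and unexpected characters,
    # so the value can never be read as an ssh option or a second field.
    case "$dbhost" in
        ''|-*|*[!A-Za-z0-9.-]*) echo "bad host: $dbhost" >&2; return 4 ;;
    esac
    printf '127.0.0.1:%s:%s:%s\n' "$lport" "$dbhost" "$dbport"
}

# open_tunnel LOCAL_PORT DB_HOST DB_PORT SSH_TARGET
open_tunnel() {
    spec=$(forward_spec "$1" "$2" "$3") || return
    case "$4" in ''|-*) echo "bad ssh target: $4" >&2; return 5 ;; esac
    # -N: no remote command, tunnel only.
    # ExitOnForwardFailure=yes: exit if the local port cannot be bound,
    # instead of leaving a session open with no forward behind it.
    ssh -N -o ExitOnForwardFailure=yes -L "$spec" "$4"
}

# Usage (blocks until interrupted; point the local tool at 127.0.0.1:15432):
#   open_tunnel 15432 db.internal 5432 user@docker
```
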
