
I have a remote-hosted resource (webapp) that I have to tunnel into a server to access remotely. I can complete the local port forwarding command using -L and then access the remote resource at localhost:port in my browser.

For simplicity and persistence, I'd like to tunnel into the remote host (using SSH with my key), but serve the web page locally, so that I can access it using different computers on my local network.

For instance:

Old way:
Remote-server  --|SSH_Tunnel|--  Local-host:port

New way:
Remote-server  --|SSH_Tunnel|--  Local-host:port || local-net:port == local_http-traffic == different-local-computer

1 Answer


tl;dr? Use ssh -g ….


I assume the command you're using is like

ssh -L 1234:server:5678 ssh_server

This will listen on 127.0.0.1:1234 (IPv4) and [::1]:1234 (IPv6) on the local side. Local connections to any of these addresses will reach server:5678 from the ssh_server. Other computers on your LAN cannot reach the tunnel because 127.0.0.1 and [::1] are loopback addresses; for any machine they mean the machine itself.

To make your tunnel available to other computers, bind it to an address they can reach. Let's say 192.168.0.14 is a valid address of the client that runs ssh; bind to it:

ssh -L 192.168.0.14:1234:server:5678 ssh_server

or to all available addresses (pick one command):

ssh -L 0.0.0.0:1234:server:5678 ssh_server                            # IPv4
ssh -L [::]:1234:server:5678 ssh_server                               # IPv6
ssh -L 0.0.0.0:1234:server:5678 -L [::]:1234:server:5678 ssh_server   # IPv4 and IPv6

The latter, most "open" tunnel can also be created with -g. From man 1 ssh:

-g Allows remote hosts to connect to local forwarded ports.

-g is equivalent to -o GatewayPorts=yes and to the GatewayPorts yes setting in the ssh_config file. This excerpt from man 5 ssh_config explains it even better:

GatewayPorts
Specifies whether remote hosts are allowed to connect to local forwarded ports. By default, ssh(1) binds local port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that ssh should bind local port forwardings to the wildcard address, thus allowing remote hosts to connect to forwarded ports. The argument must be yes or no. The default is no.

So:

ssh -g -L 1234:server:5678 ssh_server

Notes:

  • Don't forget to open the chosen port in your firewall.
  • You may find autossh useful…
  • … along with ExitOnForwardFailure option of ssh (explained in man 5 ssh_config).
  • In general, an HTTP server may reject URLs it doesn't consider its own. You said localhost:port works in your browser. In case URLs like http://192.168.0.14:1234 don't work despite the tunnel, check the server setup.


  • Excellent answer - unfortunately it did not solve my problem, as it appears I have restrictions I didn't consider in asking this question. I'm marking your answer as the accepted one and will ask a new question with my different constraints. Commented May 31, 2018 at 15:19
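
A check for the bind scope discussed in the answer above, as an added example that is not part of the original answer or comment: it classifies the listener lines that ss -Htln prints on the ssh client, reporting whether the forwarded port is bound to loopback only, to one specific address, or to the wildcard address (what -g produces). The function name forward_scope and the sample listings are constructed for illustration; port 1234 and 192.168.0.14 are the answer's own example values.

```shell
#!/bin/sh
# Added example, not from the original answer. Classifies how widely a
# forwarded port is exposed, based on `ss -Htln` output from the ssh client.
# Live use on Linux:  ss -Htln | forward_scope 1234

forward_scope() {
    # $1 = local port of the forward; listener lines are read from stdin.
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                      # "Local Address:Port" column
            idx = 0
            for (i = length(la); i > 0; i--)   # find the last colon
                if (substr(la, i, 1) == ":") { idx = i; break }
            if (idx == 0 || substr(la, idx + 1) != port) next
            addr = substr(la, 1, idx - 1)
            gsub(/^\[|\]$/, "", addr)    # strip IPv6 brackets
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") rank = 3
            else if (addr ~ /^127\./ || addr == "::1") rank = 1
            else rank = 2
            if (rank > best) { best = rank; shown = addr }
        }
        END {
            # Report the widest exposure seen for this port.
            if (best == 3)      print "wildcard"
            else if (best == 2) print "specific:" shown
            else if (best == 1) print "loopback"
            else                print "none"
        }'
}

# Constructed sample listings (not captured from a real host), one per
# form of the command shown in the answer.
DEFAULT_FWD='LISTEN 0 128 127.0.0.1:1234 0.0.0.0:*
LISTEN 0 128 [::1]:1234 [::]:*'
BOUND_FWD='LISTEN 0 128 192.168.0.14:1234 0.0.0.0:*'
GATEWAY_FWD='LISTEN 0 128 0.0.0.0:1234 0.0.0.0:*
LISTEN 0 128 [::]:1234 [::]:*'

for sample in "$DEFAULT_FWD" "$BOUND_FWD" "$GATEWAY_FWD"; do
    printf '%s\n' "$sample" | forward_scope 1234
done
```

A result of wildcard means every interface on the client accepts connections to the tunnel, so the firewall rule for the chosen port is the only thing limiting who can reach the remote web app.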
