Ttyjfyk

Movie: boy escapes the real world and goes to a fantasy world with big furry trolls

Difference between `nmap local-IP-address` and `nmap localhost`

How should I solve this integral with changing parameters?

Called into a meeting and told we are being made redundant (laid off) and "not to share outside". Can I tell my partner?

Trocar background-image com delay via jQuery

Smooth vector fields on a surface modulo diffeomorphisms

Was it really inappropriate to write a pull request for the company I interviewed with?

"If + would" conditional in present perfect tense

What will happen if my luggage gets delayed?

What is Tony Stark injecting into himself in Iron Man 3?

Why do phishing e-mails use faked e-mail addresses instead of the real one?

Finding the minimum value of a function without using Calculus

ESPP--any reason not to go all in?

Can one live in the U.S. and not use a credit card?

How do you make a gun that shoots melee weapons and/or swords?

What does *dead* mean in *What do you mean, dead?*?

When to use a QR code on a business card?

If sound is a longitudinal wave, why can we hear it if our ears aren't aligned with the propagation direction?

Giving a career talk in my old university, how prominently should I tell students my salary?

Are all players supposed to be able to see each others' character sheets?

When an outsider describes family relationships, which point of view are they using?

I am the person who abides by rules, but breaks the rules. Who am I?

Are E natural minor and B harmonic minor related?

Is there a logarithm base for which the logarithm becomes an identity function?

ssh reverse tunnel with remote ip

Reverse socks5 using SSHSecure access to remote SSH tunnelSSH - How To Make Three Computer Tunnel?Reverse SSH TunnelReverse SSH tunnel works for SSH but not for HTTPSSH Tunnel Between Multiple HostsHow to do SOCKS over a reverse SSH tunnel?How to create an ssh tunnel in between 2 computers?Can't do reverse SSH tunneling in LOCAL networkReverse SSH-Tunnel with Socket

2

2

From a server 192.168.0.1, I'd like to reach a server 192.168.0.2 on port 80.

192.168.0.2 can reach 192.168.0.1, but 192.168.0.1 can't reach 192.168.0.2 (firewall).

I have set up a reverse proxy, by typing the following command on 192.168.0.2:

ssh -f -N -T -R0.0.0.0:80:localhost:80 192.168.0.1

now 192.168.0.1 can reach 192.168.0.2, with the following command:

wget localhost:80

However I'd like to be able to reach 192.168.0.2 by taping

wget 192.168.0.2:80

Is this possible, without messing with the DNS?

linux ssh networking ssh-tunneling

share|improve this question

asked Mar 1 '16 at 13:42

rogerJrogerJ

163

bumped to the homepage by Community♦ 12 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  superuser.com/questions/661772/iptables-redirect-to-localhost
  
  – 7171u
  Mar 1 '16 at 14:04
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @7171u ok thanks, I have added a rule so that iptables -t nat -L shows: DNAT tcp -- anywhere 192.168.0.2 tcp dpt:http to:127.0.0.1:80 however, the second wget is still not working, what could be wrong?
  
  – rogerJ
  Mar 1 '16 at 14:32
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have used this on RHEL7 and it works fine.
  
  – 7171u
  Mar 1 '16 at 15:01
  

  
  
  
  

add a comment | 

2

2

From a server 192.168.0.1, I'd like to reach a server 192.168.0.2 on port 80.

192.168.0.2 can reach 192.168.0.1, but 192.168.0.1 can't reach 192.168.0.2 (firewall).

I have set up a reverse proxy, by typing the following command on 192.168.0.2:

ssh -f -N -T -R0.0.0.0:80:localhost:80 192.168.0.1

now 192.168.0.1 can reach 192.168.0.2, with the following command:

wget localhost:80

However I'd like to be able to reach 192.168.0.2 by taping

wget 192.168.0.2:80

Is this possible, without messing with the DNS?

linux ssh networking ssh-tunneling

share|improve this question

asked Mar 1 '16 at 13:42

rogerJrogerJ

163

bumped to the homepage by Community♦ 12 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  superuser.com/questions/661772/iptables-redirect-to-localhost
  
  – 7171u
  Mar 1 '16 at 14:04
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @7171u ok thanks, I have added a rule so that iptables -t nat -L shows: DNAT tcp -- anywhere 192.168.0.2 tcp dpt:http to:127.0.0.1:80 however, the second wget is still not working, what could be wrong?
  
  – rogerJ
  Mar 1 '16 at 14:32
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have used this on RHEL7 and it works fine.
  
  – 7171u
  Mar 1 '16 at 15:01
  

  
  
  
  

add a comment | 

From a server 192.168.0.1, I'd like to reach a server 192.168.0.2 on port 80.

192.168.0.2 can reach 192.168.0.1, but 192.168.0.1 can't reach 192.168.0.2 (firewall).

I have set up a reverse proxy, by typing the following command on 192.168.0.2:

ssh -f -N -T -R0.0.0.0:80:localhost:80 192.168.0.1

now 192.168.0.1 can reach 192.168.0.2, with the following command:

wget localhost:80

However I'd like to be able to reach 192.168.0.2 by taping

wget 192.168.0.2:80

Is this possible, without messing with the DNS?

linux ssh networking ssh-tunneling

share|improve this question

asked Mar 1 '16 at 13:42

rogerJrogerJ

163

ssh -f -N -T -R0.0.0.0:80:localhost:80 192.168.0.1

wget localhost:80

wget 192.168.0.2:80

share|improve this question

asked Mar 1 '16 at 13:42

rogerJrogerJ

163

share|improve this question

asked Mar 1 '16 at 13:42

rogerJrogerJ

163

asked Mar 1 '16 at 13:42

rogerJrogerJ

163

asked Mar 1 '16 at 13:42

rogerJrogerJ

163

2 Answers
2

active

oldest

votes

0

You need to define the GatewayPorts in sshd_config otherwise the * or 0.0.0.0 will bind only to the loopback interface.

Also note that

Privileged ports can be forwarded only when logging in as root on the remote machine.

From manual page for ssh:

By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

share|improve this answer

answered Mar 1 '16 at 15:07

JakujeJakuje

16.5k53155

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have added the following line in /etc/ssh/sshd.config -> GatewayPorts clientspecified. However it still doesn't work.
  
  – rogerJ
  Mar 1 '16 at 16:12
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Also I would try with * or address of outer interface (192.168.0.1) instead of 0.0.0.0 and I would watch for errors on both connections.
  
  – Jakuje
  Mar 1 '16 at 16:27
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I tried both * and 192.168.0.1, to no success. I don't really know what errors to look for, the only thing I can tell you is that the tunnel itself works (wget localhost:80), as explained in the question, so the error is probably not coming from here. What doesn't work is just the wget 192.168.0.2:80, which is maybe an error with the iptables rule
  
  – rogerJ
  Mar 1 '16 at 16:42
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Why do you try wget 192.168.0.2:80? You should try wget 192.168.0.1:80. This is where your port is forwarded, isn't it?
  
  – Jakuje
  Mar 1 '16 at 16:54
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well that's the whole point of my question. Say the server I would like to access is google.com, but I can't reach it directly, though google.com can reach me, I'd like to set up my network so that I can reach google.com transparently without having to change anything. So in the end of this configuration, I expect to be able to type wget google.com, not wget localhost or wget 192.168.0.1, which is my own ip.
  
  – rogerJ
  Mar 1 '16 at 17:06
  
  

  
  
  
  

 | 
show 1 more comment

0

I was struggling with this issue on Ubuntu 14.04 (I tried both GatewayPorts clientspecified and GatewayPorts yes in /etc/ssh/sshd_config).

Instead, adding this to my sshd_config worked:

Match User !root
 GatewayPorts yes

That is, I had to specify a user to match the rule to.

share|improve this answer

answered Mar 8 '16 at 19:12

frnsysfrnsys

1012

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f266772%2fssh-reverse-tunnel-with-remote-ip%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

You need to define the GatewayPorts in sshd_config otherwise the * or 0.0.0.0 will bind only to the loopback interface.

Also note that

Privileged ports can be forwarded only when logging in as root on the remote machine.

From manual page for ssh:

By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

share|improve this answer

answered Mar 1 '16 at 15:07

JakujeJakuje

16.5k53155

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have added the following line in /etc/ssh/sshd.config -> GatewayPorts clientspecified. However it still doesn't work.
  
  – rogerJ
  Mar 1 '16 at 16:12
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Also I would try with * or address of outer interface (192.168.0.1) instead of 0.0.0.0 and I would watch for errors on both connections.
  
  – Jakuje
  Mar 1 '16 at 16:27
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I tried both * and 192.168.0.1, to no success. I don't really know what errors to look for, the only thing I can tell you is that the tunnel itself works (wget localhost:80), as explained in the question, so the error is probably not coming from here. What doesn't work is just the wget 192.168.0.2:80, which is maybe an error with the iptables rule
  
  – rogerJ
  Mar 1 '16 at 16:42
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Why do you try wget 192.168.0.2:80? You should try wget 192.168.0.1:80. This is where your port is forwarded, isn't it?
  
  – Jakuje
  Mar 1 '16 at 16:54
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well that's the whole point of my question. Say the server I would like to access is google.com, but I can't reach it directly, though google.com can reach me, I'd like to set up my network so that I can reach google.com transparently without having to change anything. So in the end of this configuration, I expect to be able to type wget google.com, not wget localhost or wget 192.168.0.1, which is my own ip.
  
  – rogerJ
  Mar 1 '16 at 17:06
  
  

  
  
  
  

 | 
show 1 more comment

0

You need to define the GatewayPorts in sshd_config otherwise the * or 0.0.0.0 will bind only to the loopback interface.

Also note that

Privileged ports can be forwarded only when logging in as root on the remote machine.

From manual page for ssh:

By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

share|improve this answer

answered Mar 1 '16 at 15:07

JakujeJakuje

16.5k53155

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have added the following line in /etc/ssh/sshd.config -> GatewayPorts clientspecified. However it still doesn't work.
  
  – rogerJ
  Mar 1 '16 at 16:12
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Also I would try with * or address of outer interface (192.168.0.1) instead of 0.0.0.0 and I would watch for errors on both connections.
  
  – Jakuje
  Mar 1 '16 at 16:27
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I tried both * and 192.168.0.1, to no success. I don't really know what errors to look for, the only thing I can tell you is that the tunnel itself works (wget localhost:80), as explained in the question, so the error is probably not coming from here. What doesn't work is just the wget 192.168.0.2:80, which is maybe an error with the iptables rule
  
  – rogerJ
  Mar 1 '16 at 16:42
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Why do you try wget 192.168.0.2:80? You should try wget 192.168.0.1:80. This is where your port is forwarded, isn't it?
  
  – Jakuje
  Mar 1 '16 at 16:54
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well that's the whole point of my question. Say the server I would like to access is google.com, but I can't reach it directly, though google.com can reach me, I'd like to set up my network so that I can reach google.com transparently without having to change anything. So in the end of this configuration, I expect to be able to type wget google.com, not wget localhost or wget 192.168.0.1, which is my own ip.
  
  – rogerJ
  Mar 1 '16 at 17:06
  
  

  
  
  
  

 | 
show 1 more comment

You need to define the GatewayPorts in sshd_config otherwise the * or 0.0.0.0 will bind only to the loopback interface.

Also note that

Privileged ports can be forwarded only when logging in as root on the remote machine.

From manual page for ssh:

By default, TCP listening sockets on the server will be bound to the loopback interface only. This may be overridden by specifying a bind_address. An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces. Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled (see sshd_config(5)).

share|improve this answer

answered Mar 1 '16 at 15:07

JakujeJakuje

16.5k53155

share|improve this answer

answered Mar 1 '16 at 15:07

JakujeJakuje

16.5k53155

answered Mar 1 '16 at 15:07

JakujeJakuje

16.5k53155

answered Mar 1 '16 at 15:07

JakujeJakuje

16.5k53155

0

I was struggling with this issue on Ubuntu 14.04 (I tried both GatewayPorts clientspecified and GatewayPorts yes in /etc/ssh/sshd_config).

Instead, adding this to my sshd_config worked:

Match User !root
 GatewayPorts yes

That is, I had to specify a user to match the rule to.

share|improve this answer

answered Mar 8 '16 at 19:12

frnsysfrnsys

1012

add a comment | 

0

I was struggling with this issue on Ubuntu 14.04 (I tried both GatewayPorts clientspecified and GatewayPorts yes in /etc/ssh/sshd_config).

Instead, adding this to my sshd_config worked:

Match User !root
 GatewayPorts yes

That is, I had to specify a user to match the rule to.

share|improve this answer

answered Mar 8 '16 at 19:12

frnsysfrnsys

1012

add a comment | 

I was struggling with this issue on Ubuntu 14.04 (I tried both GatewayPorts clientspecified and GatewayPorts yes in /etc/ssh/sshd_config).

Instead, adding this to my sshd_config worked:

Match User !root
 GatewayPorts yes

That is, I had to specify a user to match the rule to.

share|improve this answer

answered Mar 8 '16 at 19:12

frnsysfrnsys

1012

Match User !root
 GatewayPorts yes

share|improve this answer

answered Mar 8 '16 at 19:12

frnsysfrnsys

1012

answered Mar 8 '16 at 19:12

frnsysfrnsys

1012

answered Mar 8 '16 at 19:12

frnsysfrnsys

1012