Ok, so most of us know how to set up your standard SSH tunnel… when you create a secure link between a local port and a port on a remote box. Now recently I had to need to forward a port on a remote server to a local port on my laptop, which is behind a firewall. Turns out SSH can do this too.
Check it out:
ssh -nNT -R 9867:localhost:3000 email@example.com
What does this do? Lets look on my server, a quick netstat -l show us:
tcp 0 0 server.com:9867 *:* LISTEN
Ok, so my server is listening on port 9867 for incoming connections. Let’s test the bridge: I start netcat on my laptop, to listen to port 3030:
nc -l -p 3030
…and on the server I run:
And voila! Netcat on my local host prints out some http headers. Ok, so we have a bridge setup and everything is working. Except on the server, ssh has bound 9867 to the loopback address only, so remote hosts can’t connect. You have to have a line in your /etc/ssh/sshd_config file like this:
This allows you to bind to more than just the local interface. We also have to change our original command to:
ssh -nNT -R :9867:localhost:3000 firstname.lastname@example.org
Note the added ‘:’ in front of the 9867, this is the “bind address”, and when its empty (and GatewayPorts is set to ‘clientspecified’, or ‘on’), this will bind to all address on the remote server. You can also add ‘-f’ to the list of options to make ssh go into the background.
I find this useful when developing Facebook apps with rails. I can forward a port on my server to my laptop (behind a firewall), and tell Facebook my app is on my server, when really its on my laptop. Very handy.
Let me know what your using it for!
Related Posts: On this day...
- Nero - Must Be The Feeling - 2012
- The most awesome video EVAR! - 2011
- Man caught with his pants down on Google Maps - 2010
- Google Buzz Explained - 2010
- What is Ron Paul up to? - 2009
- Firefox Speed Tweaks - 2009
- JVC MiniNote XP5230GB next to a Asus eeePC 4G - 2008
- Masked hoodie sweatshirts stir debate in UK - 2008
- A hard drive just saved my life! - 2008