Comments on: Access Any Remote Server Port Without Modifying Firewall Settings http://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/ Every answer asks a more beautiful question. Fri, 10 Feb 2012 19:55:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: christianhttp://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/#comment-38590 christian Mon, 18 Aug 2008 21:15:41 +0000 http://www.cyberciti.biz/faq/?p=1192#comment-38590 Let me try to clarify: You would set your ssh server to listen on a port you can open on your firewall (say, the standard ssh port 22). Open that port on your firewall and direct its traffic to your ssh server. Then the ssh (remote) client would connect to the ssh server on port 22, forwarding an available local port to app-servername:3001. Depending on how the app you're using works, local port might need to be 3001 (though even if that's not the case it might be a good idea to use that local port to make thinks clearer). Example of what your ssh client command would look like: ssh -L 3001:app_server_name:3001 username@sshserver.domain.com That is: ssh -L local_port:app_server_name:app_port username@ssh_server_hostname_or_ip_address Good luck, Christian Let me try to clarify:

You would set your ssh server to listen on a port you can open on your firewall (say, the standard ssh port 22). Open that port on your firewall and direct its traffic to your ssh server. Then the ssh (remote) client would connect to the ssh server on port 22, forwarding an available local port to app-servername:3001. Depending on how the app you’re using works, local port might need to be 3001 (though even if that’s not the case it might be a good idea to use that local port to make thinks clearer).

Example of what your ssh client command would look like:

ssh -L 3001:app_server_name:3001 username@sshserver.domain.com

That is:

ssh -L local_port:app_server_name:app_port username@ssh_server_hostname_or_ip_address

Good luck,
Christian

]]> By: vivekhttp://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/#comment-38341 vivek Fri, 18 Jul 2008 06:30:57 +0000 http://www.cyberciti.biz/faq/?p=1192#comment-38341 Yes, By setting tunnel via ssh you can access any service or port. Yes,

By setting tunnel via ssh you can access any service or port.

]]> By: yahoonhttp://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/#comment-38339 yahoon Fri, 18 Jul 2008 03:00:36 +0000 http://www.cyberciti.biz/faq/?p=1192#comment-38339 you can access a port that is not opened on the firewall?? you can access a port that is not opened on the firewall??

]]> By: vivekhttp://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/#comment-38332 vivek Thu, 17 Jul 2008 09:59:33 +0000 http://www.cyberciti.biz/faq/?p=1192#comment-38332 yahoon, Why not? I don't see any problem. I use this techniques all the time. yahoon,

Why not? I don’t see any problem. I use this techniques all the time.

]]> By: yahoonhttp://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/#comment-38322 yahoon Wed, 16 Jul 2008 04:29:13 +0000 http://www.cyberciti.biz/faq/?p=1192#comment-38322 I don't think this chapter answer the question the original question is that: we want to access the 3001 on the server,but the firewall doesn't open it. according to this article.we just can do that access localhost:3001 forwarding to server:80,but not the server:3001 which is what we need. in fact.we can't access the ports that are not opened on the firewall.if the firewall does not open 3001 ,we can't access the server's 3001 using this method. I don’t think this chapter answer the question

the original question is that:
we want to access the 3001 on the server,but the firewall doesn’t open it.

according to this article.we just can do that access localhost:3001 forwarding to server:80,but not the server:3001 which is what we need.

in fact.we can’t access the ports that are not opened on the firewall.if the firewall does not open 3001 ,we can’t access the server’s 3001 using this method.

]]> By: vivekhttp://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/#comment-38318 vivek Tue, 15 Jul 2008 18:23:12 +0000 http://www.cyberciti.biz/faq/?p=1192#comment-38318 Liju, Thanks for sharing Apache solution. Liju,

Thanks for sharing Apache solution.

]]> By: Liju Mathewhttp://www.cyberciti.biz/faq/ssh-port-forwarding-tunneling/#comment-38316 Liju Mathew Tue, 15 Jul 2008 15:11:06 +0000 http://www.cyberciti.biz/faq/?p=1192#comment-38316 Hi, Greetings. U r using ssh tunneling for the purpose and it is very secured. It is quite slow if u r using any web application ruunig through ssh tunnel. If you have a Apache web server which is opened to outside, you can use proxy pass module to access your admin control panel which can be accessible locally from u r network. Also we can able to put IP restriction to it's access in Apache. All those control panel should be protected by https. A sample entry is listred below, ServerName adminaccess.mydomain.com <pre> AuthType Basic AuthName "Admin Accesss details pls ..... " AuthUserFile /var/project/passwd Require valid-user Deny from all Allow from 123.123.123.2 ProxyPass / http://prod.secured.local:10000/ ProxyPassReverse / http://prod.secured.local:10000/ ProxyPreserveHost on </pre> Hi,
Greetings.
U r using ssh tunneling for the purpose and it is very secured. It is quite slow if u r using any web application ruunig through ssh tunnel.

If you have a Apache web server which is opened to outside, you can use proxy pass module to access your admin control panel which can be accessible locally from u r network. Also we can able to put IP restriction to it’s access in Apache. All those control panel should be protected by https. A sample entry is listred below,

ServerName adminaccess.mydomain.com

 AuthType Basic
 AuthName "Admin Accesss details pls ..... "
 AuthUserFile /var/project/passwd
 Require valid-user
 Deny from all
 Allow from 123.123.123.2
ProxyPass / http://prod.secured.local:10000/
ProxyPassReverse / http://prod.secured.local:10000/
ProxyPreserveHost on
]]>