[SOLVED] 'ssh reverse tunneling to apache boxes behind restrictive firewalls' not working as expected using SSL

aegersz
Posts: 86
Joined: 2016/04/04 07:42:58


Post by aegersz » 2017/07/17 12:33:35

Hi, I am at home behind a firewall that allows NO incoming connections. All my machines use ssh keys and SSL.

Note: my-public-host is not my real public server's name, of course.

I can "ssh" into my machines at home from my-public-host (allows port 22) by using an ssh reverse tunnel:

home/client:
ssh -R 2222:localhost:22 my-public-host

my-public-host:
ssh -p 2222 localhost
-> I get to my home/client shell with no problems

BUT when I try to access my home/client website (uses port 8080) by pointing my browser (from anywhere) to http(s)://my-public-host:8080, I have no luck connecting. I have been trying this for hours and watching it in debug mode via:

ssh -vvv -R *:8080:localhost:8080 my-public-host

What am I doing wrong, please? How can I get to my home webserver from a 3rd party client via a browser?

However, if I issue curl localhost:8080 on my-public-host then I get traffic from home/client but NOT when I point my browser to it (?). my-public-host is a forum, btw.
Last edited by aegersz on 2017/08/18 22:27:37, edited 6 times in total.


Re: 'ssh reverse tunneling to httpd behind firewall' not working as expected

Post by aegersz » 2017/07/17 14:51:08

I worked it out. My .htaccess was forcing https traffic, see below.

Code:

# redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://my-public-host/$1 [R=301,L]

So I had to use local port 443: (point my browser to my-public-host:8080)

ssh -R *:8080:localhost:443 my-public-host
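
A note on the rule quoted in the post above: mod_rewrite evaluates the RewriteCond pattern as an unanchored regular expression, so a bare 80 also matches a SERVER_PORT of 8080. The following is an added example, not code from the original post, that audits .htaccess text for such loose port conditions; the function name, the port list and the embedded copy of the rule are assumptions made for the illustration.

```python
import re

# Ports that appear in this thread's tunnels (sshd, web, Webmin).
THREAD_PORTS = [22, 80, 443, 2210, 2222, 8080, 10000, 10001]

# Matches active (uncommented) conditions on %{SERVER_PORT}.
COND_RE = re.compile(r"^\s*RewriteCond\s+%\{SERVER_PORT\}\s+(\S+)", re.IGNORECASE)

# Constructed copy of the rule as posted in the thread, used as sample input.
POSTED = """\
# redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://my-public-host/$1 [R=301,L]
"""


def audit_htaccess(text, ports=THREAD_PORTS):
    """Report SERVER_PORT conditions whose pattern matches more ports than written.

    Only plain numeric patterns (optionally negated with "!") are checked, since
    those are the ones silently treated as a substring match by the regex engine.
    Returns one dict per loose condition: line, pattern, also_matches, suggest.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = COND_RE.match(line)
        if m is None:
            continue
        pattern = m.group(1)
        bare = pattern.lstrip("!")
        if not bare.isdigit():
            continue  # ^80$, =80 and other non-literal patterns are left alone
        extra = [p for p in ports if re.search(bare, str(p)) and str(p) != bare]
        if extra:
            prefix = pattern[: len(pattern) - len(bare)]
            findings.append({"line": lineno, "pattern": pattern,
                             "also_matches": extra, "suggest": f"{prefix}^{bare}$"})
    return findings


if __name__ == "__main__":
    for f in audit_htaccess(POSTED):
        print(f"line {f['line']}: pattern {f['pattern']!r} also matches ports "
              f"{f['also_matches']}; anchor it as {f['suggest']!r}")
```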


Re: [SOLVED] 'ssh reverse tunneling to apache/httpd machines behind restrictive firewalls' not working as expected using

Post by aegersz » 2017/08/18 22:24:39

Some more variations as I tunnel into and around my intranet (uncomment what you want):

Code:

# ssh back into the Linux router box
# > ssh -p 2210 localhost
#ssh -R 2210:localhost:22 my-public-host

# ssh back into the Linux dev box
# > ssh -p 2210 localhost
#ssh -R 2210:192.168.137.2:22 my-public-host


# https back into the Linux router box (before the REAL Netgear router)
# > my-public-host:8080
#ssh -R *:8080:localhost:443 my-public-host

# http back to the Linux dev box BUT this requires 8080 -> 80 port forwarding done by the REAL Netgear router (sits after it)
# > my-public-host:8080/smfnew
#ssh -R *:8080:192.168.137.2:80 my-public-host

# tunnel back into the Linux router's Webmin
# > my-public-host:10001
#ssh -R *:10001:localhost:10000 my-public-host

It's also important to use a simple .htaccess like this to avoid weird issues:

Code:

RewriteEngine On
# the condition pattern is an unanchored regex: a bare 80 also matches 8080, so anchor it
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://an-intranet-host/$1 [R=301,L]
