Skip to main content
Unix & Linux

Return to Answer

Grammar, more accurate wording, better positioning of code blocks
Source Link
fra-san
fra-san
  • 10.9k
  • 2
  • 27
  • 45

SSH tunnels are useful to cross insecure networks, leveraging end toproviding end-to-end encryption, when connecting two end-points points that seatsseat on distinct trusted networks.

EDITED

  • A local host-A: your localhost, on your local network (likely behind firewall/NAT)

    A local host-A: your localhost, on your local network (likely behind firewall/NAT)

  • A publicly reachable host-B: the aws server

    A publicly reachable host-B: the aws server

  • A non-publicly reachable host-C: on the restricted remote network (likely behind firewall/NAT)

    A non-publicly reachable host-C: on the restricted remote network (likely behind firewall/NAT)

  • A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network

    A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network

  1. A tunnel from host-A to host-B, that:

    A tunnel from host-A to host-B, that:

    • Lets host-A listen on port 8080

    • Sends traffic from that port through the tunnel

    • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just make sure to use the same one in all commands)

    # Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B

  2. A tunnel from host-C to host-B, that:

    • Lets host-B listen on port 15872

    • Sends traffic from that port through the tunnel

    • On host-C (your Linux server), redirects that traffic to port 80 on host-D

    # Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B
  • Lets host-A listen on port 8080
  • Sends traffic from that port through the tunnel
  • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just ensure it be the same in all commands)
# Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B
  1. A tunnel from host-C to host-B, that:
  • Lets host-B listen on port 15872
  • Sends traffic from that port through the tunnel
  • On host-C (your linux server), redirects that traffic to port 80 on host-D
# Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B

SSH tunnels are useful to cross insecure networks, leveraging end to end encryption, connecting two end-points that seats on distinct trusted networks.

EDITED

  • A local host-A: your localhost, on your local network (likely behind firewall/NAT)
  • A publicly reachable host-B: the aws server
  • A non-publicly reachable host-C: on the restricted remote network (likely behind firewall/NAT)
  • A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network
  1. A tunnel from host-A to host-B, that:
  • Lets host-A listen on port 8080
  • Sends traffic from that port through the tunnel
  • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just ensure it be the same in all commands)
# Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B
  1. A tunnel from host-C to host-B, that:
  • Lets host-B listen on port 15872
  • Sends traffic from that port through the tunnel
  • On host-C (your linux server), redirects that traffic to port 80 on host-D
# Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B

SSH tunnels are useful to cross insecure networks, providing end-to-end encryption when connecting two end points that seat on distinct networks.

  • A local host-A: your localhost, on your local network (likely behind firewall/NAT)

  • A publicly reachable host-B: the aws server

  • A non-publicly reachable host-C: on the restricted remote network (likely behind firewall/NAT)

  • A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network

  1. A tunnel from host-A to host-B, that:

    • Lets host-A listen on port 8080

    • Sends traffic from that port through the tunnel

    • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just make sure to use the same one in all commands)

    # Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B

  2. A tunnel from host-C to host-B, that:

    • Lets host-B listen on port 15872

    • Sends traffic from that port through the tunnel

    • On host-C (your Linux server), redirects that traffic to port 80 on host-D

    # Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B
added 58 characters in body
Source Link
fra-san
fra-san
  • 10.9k
  • 2
  • 27
  • 45

SSH tunnels are useful to cross insecure networks, leveraging end to end encryption, connecting two end-points that seats on distinct trusted networks.

EDITED

A far as I can tell (thanks to comments), what you have is:

  • A local host-A: your localhost, on your local network (likely behind firewall/NAT)
  • A publicly reachable host-B: the aws server
  • A non-publicly reachable host-C: on the restricted remote network (likely behind firewall/NAT)
  • A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network

If you want to connect your host A to host D, letting your browser reach it on port 80, you need:

  1. A tunnel from host-A to host-B, that:
  • Lets host-A listen on port 8080
  • Sends traffic from that port through the tunnel
  • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just ensure it be the same in all commands)
# Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B
  1. A tunnel from host-C to host-B, that:
  • Lets host-B listen on port 15872
  • Sends traffic from that port through the tunnel
  • On host-C (your linux server), redirects that traffic to port 80 on host-D
# Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B

This way, requests made to host-A on port 8080 will be tunneled to host-B, redirected to port 15872 on the same host-B, tunneled to host-C and redirected on host-C to port 80 of host-D.

SSH tunnels are useful to cross insecure networks, leveraging end to end encryption, connecting two end-points that seats on distinct trusted networks.

EDITED

A far as I can tell (thanks to comments), what you have is:

  • A local host-A: your localhost, on your local network
  • A publicly reachable host-B: the aws server
  • A non-publicly reachable host-C: on the restricted remote network
  • A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network

If you want to connect your host A to host D, letting your browser reach it on port 80, you need:

  1. A tunnel from host-A to host-B, that:
  • Lets host-A listen on port 8080
  • Sends traffic from that port through the tunnel
  • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just ensure it be the same in all commands)
# Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B
  1. A tunnel from host-C to host-B, that:
  • Lets host-B listen on port 15872
  • Sends traffic from that port through the tunnel
  • On host-C (your linux server), redirects that traffic to port 80 on host-D
# Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B

This way, requests made to host-A on port 8080 will be tunneled to host-B, redirected to port 15872 on the same host-B, tunneled to host-C and redirected on host-C to port 80 of host-D.

SSH tunnels are useful to cross insecure networks, leveraging end to end encryption, connecting two end-points that seats on distinct trusted networks.

EDITED

A far as I can tell (thanks to comments), what you have is:

  • A local host-A: your localhost, on your local network (likely behind firewall/NAT)
  • A publicly reachable host-B: the aws server
  • A non-publicly reachable host-C: on the restricted remote network (likely behind firewall/NAT)
  • A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network

If you want to connect your host A to host D, letting your browser reach it on port 80, you need:

  1. A tunnel from host-A to host-B, that:
  • Lets host-A listen on port 8080
  • Sends traffic from that port through the tunnel
  • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just ensure it be the same in all commands)
# Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B
  1. A tunnel from host-C to host-B, that:
  • Lets host-B listen on port 15872
  • Sends traffic from that port through the tunnel
  • On host-C (your linux server), redirects that traffic to port 80 on host-D
# Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B

This way, requests made to host-A on port 8080 will be tunneled to host-B, redirected to port 15872 on the same host-B, tunneled to host-C and redirected on host-C to port 80 of host-D.

deleted 613 characters in body
Source Link
fra-san
fra-san
  • 10.9k
  • 2
  • 27
  • 45

AsEDITED

A far as I can tell (thanks to comments), what you have is:

  • A local endpointhost-A: your localhost, on your local network
  • A remote endpointpublicly reachable host-B: the aws server, that it is part of a remote
  • A non-publicly reachable host-C: on the restricted remote network
  • TheA non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is part ofon the remote restricted network

If you want to connect your host A remote port forwarding asto host D, letting your browser reach it on port ssh -R 8080:deviceIP:80 user@aws, you need:

  1. A tunnel from host-A to host-B, that:
  • Creates a tunnel between localhost and aws
  • Lets awshost-A listen on port 8080
  • Sends traffic from that port through the tunnel all the traffic that comes to aws:8080 from its local network
  • LetsOn host-B (localhostaws send that), redirects the traffic coming from the tunnel to the local deviceIP:80(i.e. on host-B) port your local network,15872 not through(I took it from your comments; you can choose any available port; just ensure it be the tunnel.same in all commands)

I guess it's not what you want. This setup is useful if you want some resource on your local network to be available to hosts on the remote network.

# Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B

A local port forwarding as the one suggested by roaima, ssh -L 8080:deviceIP:80 user@aws:

  1. A tunnel from host-C to host-B, that:
  • Creates a tunnel between localhost and aws
  • Lets localhosthost-B listen on port 808015872
  • Sends traffic that comes to localhost:8080 (here, requests from your browser)that port through the tunnel
  • LetsOn host-C aws send(your linux server), redirects that traffic to port deviceIP:80 on the remote networkhost-D

This seems to be what you are looking for since you are asking for requests originating on your localhost being served by deviceIP.

If you really want the aws server to listen on port 8080 and forward all the traffic from port 8080 to deviceIP:80, you may have some different options. The one I propose here uses ssh to create a tunnel between aws and deviceIP, but the tunnel is probably not needed (if aws and deviceIP are on the same network). Alternative methods, e.g. based on iptables, are beyond the aims of this answer.
You have to ssh into aws and define a local port forwarding there:

# Execute on host-C $ ssh -LR *:808015872:deviceIPhost-D:80 user@localhost # run on awsuser@host-B

This way, requests made to host-A on port aws8080 forwardswill be tunneled to host-B, redirected to port deviceIP:8015872 allon the traffic it receives from its local networksame host-B, tunneled to host-C and redirected on host-C to port (not from a tunnel)80 of host-D.

As far as I can tell, what you have is:

  • A local endpoint: your localhost, on your local network
  • A remote endpoint: the aws server, that it is part of a remote restricted network
  • The host deviceIP, that listens on port 80 and is part of the remote restricted network

A remote port forwarding as your ssh -R 8080:deviceIP:80 user@aws:

  • Creates a tunnel between localhost and aws
  • Lets aws listen on port 8080
  • Sends through the tunnel all the traffic that comes to aws:8080 from its local network
  • Lets localhost send that traffic to deviceIP:80 on your local network, not through the tunnel.

I guess it's not what you want. This setup is useful if you want some resource on your local network to be available to hosts on the remote network.

A local port forwarding as the one suggested by roaima, ssh -L 8080:deviceIP:80 user@aws:

  • Creates a tunnel between localhost and aws
  • Lets localhost listen on port 8080
  • Sends traffic that comes to localhost:8080 (here, requests from your browser) through the tunnel
  • Lets aws send that traffic to deviceIP:80 on the remote network

This seems to be what you are looking for since you are asking for requests originating on your localhost being served by deviceIP.

If you really want the aws server to listen on port 8080 and forward all the traffic from port 8080 to deviceIP:80, you may have some different options. The one I propose here uses ssh to create a tunnel between aws and deviceIP, but the tunnel is probably not needed (if aws and deviceIP are on the same network). Alternative methods, e.g. based on iptables, are beyond the aims of this answer.
You have to ssh into aws and define a local port forwarding there:

$ ssh -L *:8080:deviceIP:80 user@localhost # run on aws

This way aws forwards to deviceIP:80 all the traffic it receives from its local network (not from a tunnel).

EDITED

A far as I can tell (thanks to comments), what you have is:

  • A local host-A: your localhost, on your local network
  • A publicly reachable host-B: the aws server
  • A non-publicly reachable host-C: on the restricted remote network
  • A non-publicly reachable host-D: the one you refer to as deviceIP, that listens on port 80 and is on the remote restricted network

If you want to connect your host A to host D, letting your browser reach it on port 80, you need:

  1. A tunnel from host-A to host-B, that:
  • Lets host-A listen on port 8080
  • Sends traffic from that port through the tunnel
  • On host-B (aws), redirects the traffic coming from the tunnel to the local (i.e. on host-B) port 15872 (I took it from your comments; you can choose any available port; just ensure it be the same in all commands)
# Execute on host-A $ ssh -L 8080:localhost:15872 user@host-B
  1. A tunnel from host-C to host-B, that:
  • Lets host-B listen on port 15872
  • Sends traffic from that port through the tunnel
  • On host-C (your linux server), redirects that traffic to port 80 on host-D
# Execute on host-C $ ssh -R *:15872:host-D:80 user@host-B

This way, requests made to host-A on port 8080 will be tunneled to host-B, redirected to port 15872 on the same host-B, tunneled to host-C and redirected on host-C to port 80 of host-D.

added 260 characters in body
Source Link
fra-san
fra-san
  • 10.9k
  • 2
  • 27
  • 45
added 6 characters in body
Source Link
fra-san
fra-san
  • 10.9k
  • 2
  • 27
  • 45
Source Link
fra-san
fra-san
  • 10.9k
  • 2
  • 27
  • 45