Question Trying to access a local web server through SSH tunneling

faithy3

Junior Member
May 27, 2022
1
0
6
I have a web server for configuring a device that's accessible and configurable across my local network from my desktop. My desktop is accessible through SSH over the internet. However, attempting to use an ssh command like `ssh -L 8006:10.0.0.15:8006 user@sshserver.com`, and then trying to go to that IP address in a web browser to view the web interface does not work. I think this is an issue with trying to access an IP address that is outside of the range of any connected networks, but I don't know how to remedy that. How can I do this with SSH?
 

Zoozuu

Member
Oct 21, 2020
140
20
41
is it normally able to be accessed through ssh? is your problem that you need an application for accessing ssh? configuring the server itself so its accessible? have you tried putty? here

EDIT: what device? :p
 

Tech Junky

Golden Member
Jan 27, 2022
1,345
422
96
Is the rest of your stuff on 10.0.0.0/24 ?

Where are you SSH'ing from? Outside of the WAN? Inside the LAN?

If you have a "PC" on the same network you can use it as a jumpbox to get to the server but, I'm not sure that 8006 would be reachable from a GUI perspective unless you build an actual VPN tunnel to the network and then connect to the GUI.
 

mxnerd

Diamond Member
Jul 6, 2007
6,510
1,003
126
OP's description is a bit confuising. SSH is text based, and OP wants to use it to access the web server's web interface that's graphics?
 

mxnerd

Diamond Member
Jul 6, 2007
6,510
1,003
126
OK. I have never done this before.

I installed OpenSSH client & server (in Windows\System32\OpenSSH directory) on 2 Windows machines (192.168.40.10 which runs WampServer at port 80 & local machine is 192.168.40.20) Changed AllowTcpForwarding setting in sshd_config file to yes.

Used ssh-keygen.exe generated key pairs. Ran ssh -L 1234:192.168.40.10:80 admin@192.168.40.10 on 192.168.40.20 machine and launched browser and then visited http://localhost:1234 , was able to browse the site. Had to turn off the firewall or open TCP port 1234 to browse.

Haven't test the jump host from a 3rd mahcine (probably from WAN), will do that later.

It will work because browser is actually a text stream consumer app, what it does is it just receive web server's html/javascript text content and render it.
 
Last edited:

mv2devnull

Golden Member
Apr 13, 2010
1,418
102
106
ssh -L X:third:Y Server

Three (depends how you count) things happen here:
* You connect to remote machine Server, there is now a "SSH tunnel" your machine and Server
* The ssh client in your machine listens port tcp/X of your machine
* When you write something to localhost:X, ssh forwards it via tunnel to Server, where the sshd initiates connection to third:Y

The firewall of your machine must allow connections to localhost:X, the firewall on Server must allow outbound connections (app in Server, sshd, connects out), and naturally the third must allow connections to its Y.
Only the Server needs to know (have route) how to connect to third, not your machine.
The third will think that it talks to Server (so essentially ssh does NAT your connection to third:Y).

SSH has also options -R and -D.
The -R makes sshd listen on a port and forward connections to it into our client machine via the tunnel. (Default config on server probably disables this.)
The -D makes ssh client listen on a port like it were a SOCKS5 proxy. Tell your browser to use localhost as proxy and then you can connect anywhere "from Server".

[Edit]
Then you have -J, ProxyJump. Say ssh -J A,B,C D
This makes ssh to connect to A, but not create shell session in it.
Instead, the A opens ssh connection to B. The B opens ssh connection to C, and the C opens ssh connection to D.
What you see is authentication to A, B, C, and D (ssh keys are awesome), and shell session on D.
Why do that? When you, A, and B can't connect to D, but C can, and you can't directly connect to B either (but A can).
You naturally can have the -L, -R, and -D on such proxied tunnel too.
 
Last edited:

mxnerd

Diamond Member
Jul 6, 2007
6,510
1,003
126
So what will be the ssh command look like if the setup is as follows?

Code:
web on port 80                         port 2222 forwarded to 192.168.40.10   
mysql on port 3306   jump host                    on NAT router A               internet               NAT router B

192.168.40.20 --- 192.168.40.10 ---- LAN 192.168.40.1 ---- 111.111.111.111 WAN ---------  WAN 222.222.222.222 --- LAN 10.10.10.1 --- 10.10.10.10
  ssh server        ssh server                                                                                                       my pc running
  on port 22        on port 2222                                                                                                      ssh client

user2 /passwd2   user1 / passwd1
 
Last edited:

mv2devnull

Golden Member
Apr 13, 2010
1,418
102
106
So what will be the ssh command look like if the setup is as follows?

Code:
web on port 80                         port 2222 forwarded to 192.168.40.10  
mysql on port 3306   jump host                    on NAT router A               internet               NAT router B

192.168.40.20 --- 192.168.40.10 ---- LAN 192.168.40.1 ---- 111.111.111.111 WAN ---------  WAN 222.222.222.222 --- LAN 10.10.10.1 --- 10.10.10.10
  ssh server        ssh server                                                                                                       my pc running
  on port 22        on port 2222                                                                                                      ssh client

user2 /passwd2   user1 / passwd1
The client can connect to port 2222 of 111.111.111.111: ssh -p 2222 user1@111.111.111.111
Due to port forwarding that actually connects to 192.168.40.10.

If we want to connect to web and mysql, we could run:
Code:
ssh -p 2222 -L 8080:192.168.40.20:80 -L 3306:192.168.40.20:3306 user1@111.111.111.111
While that session is alive, the ports of client pc 8080 and 3306 would be forwarded to web and mysql. This assumes that the MySQL is set to accept TCP from outside.

Code:
ssh -L 8080:localhost:80 -L 3306:localhost:3306 -J user1@111.111.111.111:2222 user2@192.168.40.20
In this version tunnel jumps via proxy 192.168.40.10 and it is the process of sshd in 192.168.40.20 that appears to connect to web and mysql on that same machine.
 
  • Like
Reactions: mxnerd

ASK THE COMMUNITY