SSH Bridge/Tunnel Made Easy

Suppose you have a machine in a closed network (let’s call it NEEDY), with a single connection to a login host (that we call LOGINHOST). But you need to connect this machine to some service on the internet, and you are not root, and thus, not able to configure the route.

To make it even simpler, let’s just say that you want to connect to the google webpage: http://www.google.com:80

Couldn’t be simpler.

ssh -f -L 35000:www.google.com:80 user@LOGINHOST -N

-f: runs in background
-L: binds port/host. 35000 is the local port. 80 is the port that will be accessed.
-N do not execute any command on the remote host (in this case, LOGINHOST)

So, now you just need to access localhost:35000, and ssh will make sure it pipes it to LOGINHOST, and from there, to http://www.google.com on port 80.

Update: now, to access something INSIDE a network. For example, a VNC server in a network under a NAT connection.

you open the vncserver normally. It says which X display is. Vnc uses (5900+D), where D is the X display. So, if vnc is using display 3:0, you have port 5903.

So you connect from the external machine, via SSH tunnel, to the machine accessible to the internet:
ssh -L 5093:INTERNAL_MACHINE_IP:5903 user@internet_accessible_host -f -N

And now, you connect to the port on your own machine:
vncviewer localhost:3


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s