Can I use other host instead of localhost for Destination Field in SSH Reverse Tunnel Port Forwarding?

1

I am using Putty to achieve SSH Reverse Tunnel Port Forwarding. Most of the tutorials are teaching me to forward a remote port to a localhost port. However, may I know whether it makes sense to input another host such as 192.168.1.132:8081 into the Destination field?

I have tried to do that. 192.168.1.132:8081 is a working web server with a contented page, but I got ERR_EMPTY_RESPONSE when I visit localhost:12345 (I set port 12345 as the source port) from the client device.


My Putty Configurations

Outgoing Proxy configuration:

Tunneling config (the Dynamic one is for the Socks5 connection, please just ignore it; the R12345 one is the tunnel that I am playing with):

The result that I try to access the tunnel from the Destination (SSH Server):

Can anyone help me?


UPDATE 1

In the device that I am running the SSH command on, I am going out via a proxy server. Is that affecting the reverse tunnel behavior?


UPDATE 2

I have tried to make the reverse tunnel from the http server directly. However, in the SSH server I can visit the website by http://localhost:12345. Attached settings and result below.

Same, http server needed to go out via my office's http proxy too!

Create a reverse tunnel from http server

And then I can visit the http server from SSH server via localhost:12345

mannok

Posted 2018-01-19T06:45:26.987

Reputation: 113

@KamilMaciorowski Sorry for undetailed question. I have updated the question with some image. – mannok – 2018-01-19T07:08:42.800

1

What happens when you browse 192.168.1.132:8081 from the SSH client? (with no SSH involved in this case at all). Do you see proper page? – Kamil Maciorowski – 2018-01-19T07:21:11.310

@KamilMaciorowski Sure, normal page, normal performance – mannok – 2018-01-19T07:34:43.263

1

Please read this. The HTTP server at 192.168.1.132:8081 may ignore requests destined to addresses other than 192.168.1.132. When you connect from the remote side of your SSH connection, the address is localhost:12345 and it doesn't fit. If the tunnel didn't work at all, you would get ERR_CONNECTION_REFUSED, not ERR_EMPTY_RESPONSE. TOOGAM's answer is right: in general you can build tunnels this way.

– Kamil Maciorowski – 2018-01-19T07:44:34.357

@KamilMaciorowski I see. That means the empty response is generated by the http server right? Because of invalid domain/hostname? But when I type localhost:8081 in the http server, I can access the page. In this case the requesting hostname is localhost too! – mannok – 2018-01-19T08:01:32.320

"That means the empty response is generated by the http server right?" – I think so. When you type localhost:8081 on the HTTP server, the request goes through its loopback interface. Requests from other computers arrive from elsewhere (like via eth0 or so). I guess this does matter when the HTTP server software checks sanity of these requests. – Kamil Maciorowski – 2018-01-19T08:12:18.290

@KamilMaciorowski Thank you very much for your patient reply!!! But I have tried another test just now and updated in update 2. I make the tunnel directly from http server this time and it works and I can visit the http server from SSH server!! This makes me so confused... – mannok – 2018-01-19T08:26:33.417

You're abusing the concept of the site. You had one question, it was answered by TOOGAM. My comments were only to convince you your results are not against this answer you got (the issue is not with SSH). Comments are not for solving additional questions, really. But OK, let's try. The local side of your connection passes packets to localhost:8081, so to the loopback interface. The HTTP server sees localhost:12345 used in the address of the request incoming from the loopback interface. The server probably doesn't mind another port, the rest fits. These are nuances of the server, not SSH. – Kamil Maciorowski – 2018-01-19T08:40:08.850

To avoid possible peculiarities of HTTP servers you may play with listening netcat being the target of your tunnel. – Kamil Maciorowski – 2018-01-19T08:43:28.757

To easily test if the web server is only responding if it's accessed as http://192.168.1.132:8081, you can try what http://192.168.1.132.xip.io:8081 gives you. (See http://xip.io for documentation.)

– Arjan – 2018-01-19T11:03:10.963

Check the access log/errorlog on the destination http server and the browser network console of the tries with and without ssh tunnel to verify no http redirects are executed. (And yes, this is a Problem outside of the ssh setup i.e. not your original question anymore). – eckes – 2018-12-07T00:31:54.213
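The Host-header explanation suggested in the comments above, as an added example that is not part of the original thread: a forwarded channel copies bytes unchanged, so the web server sees whatever Host the browser typed. The strict exact-match check in `StrictHostHandler` is an assumed server behaviour, and a plain loopback relay stands in for the R12345 tunnel.

```python
import http.client
import http.server
import socket
import threading

EXPECTED_HOST = "192.168.1.132:8081"  # address the web server is normally reached at

class StrictHostHandler(http.server.BaseHTTPRequestHandler):
    """Assumed server behaviour: answer only requests whose Host header fits."""
    def do_GET(self):
        if self.headers.get("Host") != EXPECTED_HOST:
            self.close_connection = True   # hang up without sending any reply
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"page content\n")

def pump(src, dst):
    """Copy bytes one way, unmodified, as a forwarded SSH channel does."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay_once(listener, target):
    """Stand-in for the R12345 tunnel: accept one connection, pipe it to target."""
    client, _ = listener.accept()
    upstream = socket.create_connection(target)
    threading.Thread(target=pump, args=(upstream, client), daemon=True).start()
    pump(client, upstream)

def fetch_through_tunnel(host_header):
    """Return the HTTP status the browser side gets, or "empty response"."""
    web = http.server.HTTPServer(("127.0.0.1", 0), StrictHostHandler)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=relay_once, args=(listener, web.server_address), daemon=True).start()
    conn = http.client.HTTPConnection(*listener.getsockname(), timeout=5)
    try:
        conn.request("GET", "/", headers={"Host": host_header})
        return conn.getresponse().status
    except http.client.RemoteDisconnected:
        return "empty response"
    finally:
        conn.close()
        web.shutdown()
        web.server_close()
        listener.close()
```

The TCP connection succeeds in both cases; only the Host value decides whether a reply comes back, which matches the distinction drawn above between ERR_EMPTY_RESPONSE and ERR_CONNECTION_REFUSED.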

Answers

1

Yes!

BUT you need to understand that this other_host that you will be specifying is in the context of the LAN network of the ssh client, because the ssh client and the ssh server could be in two different LAN networks.

For example:

ssh -R 1234:192.168.1.69:4321 johnny@terabithia.com
#                 ^
#                 |_ other_host

Then, you better be sure that 192.168.1.69 is pingable from your end (the ssh client). There could be a machine with similar ip address of 192.168.1.69 within terabithia.com's reach in terabithia's network LAN, but that is not the other_host that is being referred to in the above snippet.

Some subtle things to take note of:

  • Although you set up a listening TCP port 1234 inside terabithia.com, it is not publicly accessible in terabithia.com. Meaning that, if you check for port opening by nc -w 5 -z terabithia.com 12202 && echo "open" || echo "close" then you will see the close message printed as the port is only accessible inside terabithia.com.
  • The command nc -w 5 -z localhost 1234 always succeeds inside terabithia.com even if there is no listening port in the other_host or even if other_host is non-existent at all. In these cases, the error messages are printed in the ssh client console.
  • As ssh is a TCP-based connection-oriented communication protocol, you will need other tools in combination, such as nc or socat, to forward UDP ports.
  • A major confusion is the use of -R versus -L. The trick for easily understanding this topic is to think that the ssh client and the ssh server belong to two different network LANs. The context of other_host is taken from the ssh client's LAN if -R is used. Otherwise, if -L, the context is taken at the ssh server's LAN.
  • Only -L can open a publicly accessible port if you add the address binding field.

typelogic

Posted 2018-01-19T06:45:26.987

Reputation: 123

0

Yes, you can do that, but if you don't understand how it works, it is easy to make incorrect assumptions.

If I recall correctly (it's been several months, so in the interest of getting you an answer quickly, I hope I'm getting this right...), a tunnel specified with the "Local" port will cause a piece of software, which I will call a "listener", to listen on the machine running the SSH client. A "Remote" port will cause a piece of software, which I will call a "listener", to listen on the machine running the SSH server.

Understanding Localhost with Tunnels:
Now, here's the really tricky part that can easily throw you for a loop. Normally, when you're on one computer, you think that "localhost" refers to that computer. But, um, no. It is best to think of the "destination" field as text. So after the listener receives traffic, the listener will forward that traffic through the local SSH software, which will encrypt the data and push the traffic through the tunnel. The side that is sending the traffic will also provide the "destination" information. Then the remote SSH software will receive that traffic, and look at what the destination says, and then try to send the traffic there.

So, if you type "localhost" on your client, the text "localhost" gets sent through the SSH tunnel, and it is actually the remote end which will resolve "localhost". So, localhost can easily refer to a different machine than the machine you type the name on.

TOOGAM

Posted 2018-01-19T06:45:26.987

Reputation: 12 651

1

Your general answer is right but the "localhost" explanation is rather opaque, especially in context of the question, because: (1) OP's SSH settings don't involve localhost at all; the only usage is localhost:12345 in the remote side browser, which is right. (2) We're talking about remote forwarding, so the destination (if it was localhost or whatever) is resolved locally anyway. Destination is resolved on the non-listening end of any tunnel. The confusion may appear in case of local forwarding (example) where non-listening end is the remote one.

– Kamil Maciorowski – 2018-01-19T08:04:06.450

0

Can I use other host instead of localhost for Destination Field in SSH Reverse Tunnel Port Forwarding?

Yes, you can put any host you want in the destination host field

Command line tunnel definitions

For the purposes of this answer I will use the form X:Y:Z, which is how the command line SSH client describes tunnels, where this tunnel:

  • Source Port
    • 1234
  • Destination
    • localhost:4321

would be described as 1234:localhost:4321

How tunnels work

There are 2 types of tunnels that have a destination set:

Local tunnels

For a tunnel defined as X:Y:Z you can treat the traffic as being sent into the client at port X, and the server connecting to host Y on port Z, and forwarding any traffic through.

Remote tunnels

For a tunnel defined as X:Y:Z you can treat the traffic as being sent into the server at port X, and the client connecting to host Y on port Z, and forwarding any traffic through.

What can you use tunnels for

Local tunnels can be used for:

  • Accessing services that are not accessible over the internet
  • Accessing services that can only be used from a specific IP

Remote tunnels can be used for:

  • Allowing remote systems to access ports on your local machine without exposing them to the internet
  • Exposing other systems on your network over the internet

jrtapsell

Posted 2018-01-19T06:45:26.987

Reputation: 408
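The X:Y:Z reading described in this answer, as an added example that is not part of the original answer: a small parser that reports which end listens and which end resolves and connects to the destination. It goes beyond the answer by also accepting OpenSSH's optional bind_address prefix and bracketed IPv6 literals; the function name and result keys are hypothetical.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def describe_forward(kind, spec):
    """Explain an OpenSSH-style forward: kind is "L" or "R",
    spec is [bind_address:]port:host:hostport (the X:Y:Z form above)."""
    if kind not in ("L", "R"):
        raise ValueError("kind must be 'L' or 'R'")
    # Split on ':' except inside [brackets], so IPv6 literals stay whole.
    parts = [p.strip("[]") for p in re.split(r":(?![^\[]*\])", spec)]
    if len(parts) == 3:
        bind, (port, host, hostport) = None, parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError(f"not a forward spec: {spec!r}")
    listener, connector = ("client", "server") if kind == "L" else ("server", "client")
    return {
        "listener_runs_on": f"ssh {listener}",
        "listen_port": int(port),
        # What the spec asks for; with no bind_address OpenSSH defaults to
        # loopback, and the listening side's GatewayPorts setting can override.
        "asks_for_loopback_only": bind is None or bind in LOOPBACK,
        # The non-listening end resolves the name and opens the connection.
        "destination_resolved_by": f"ssh {connector}",
        "destination": (host, int(hostport)),
        # "localhost" here means the connecting end itself, not where it was typed.
        "destination_is_connector_itself": host in LOOPBACK,
    }
```

Calling `describe_forward("R", "12345:192.168.1.132:8081")` describes the tunnel from the question: the listener is on the SSH server and 192.168.1.132 is looked up from the SSH client's network.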

0

If you have specified a proxy then in some cases you need to add the local IP address (192.168.1.132 in this example) to the "excluded hosts/IP address" list in the proxy settings panel. Otherwise the reverse ssh connection going through putty will try to connect to the local IP address using the proxy.

Bram

Posted 2018-01-19T06:45:26.987

Reputation: 1