Forward remote port to remote host

Using SSH, I can do something like ssh -R 8080:127.0.0.1:8080 remote.host to forward my local port 8080 to a remote host.

I'm trying to do something similar, but the port I need to forward is on a remote machine that I lack shell access to. For example, if the remote machine is located at 192.168.1.10, I'd like remote.host:8080 to be coming from 192.168.1.10:8080.

Can this be done with plain SSH? At some point I'll simplify this by just doing a port forward in the router, but I won't have that level of access for a few days.

Dan

Posted 2013-12-23T20:47:26.797

Reputation: 314

1So what kind of access do you have on the remote machine? – jjlin – 2013-12-23T21:06:35.890

I don't have any remote access to the remote machine. The only service it makes available is an HTTP server on port 8080. – Dan – 2013-12-23T21:38:39.527

I'm still not sure I understand what you're trying to do. Can you confirm or correct: you have three computers, let's call them webserver (192.168.1.10), which you have no ssh access to, but has a webserver running on it; external which you have ssh access to, and want the webserver available through; and local which is your computer. You want to be able to go to http://external and get tunnelled to the webserver. – tenorkev – 2013-12-23T22:12:30.900

That's correct. n.st's answer is what I wanted. – Dan – 2013-12-23T22:56:54.223

Answers

If you have shell access to another server on the same network, you can connect to secondserver via SSH and use it to tunnel all connections to your local port 8080 to port 8080 of the camera (IP 192.168.1.10):

ssh -L 8080:192.168.1.10:8080 secondserver

n.st

Posted 2013-12-23T20:47:26.797

Reputation: 1 538

This looks right, and I'd tried this earlier since it's how I interpreted the man page as well. However, while curl http://192.168.1.10:3306/ gets a response, ssh -L 3306:192.168.1.10:3306 remote.host followed by curl http://127.0.0.1:3306 on the remote machine gets curl: (7) couldn't connect to host. – Dan – 2013-12-23T21:37:47.117

Using -L opens a socket on your local system, so you'll need (or rather, be able to) run curl on the machine from which you have connected to remote.host. – n.st – 2013-12-23T21:41:30.643

That's right; I always get -L and -R confused. Using -R works perfectly, and I'm not sure why it didn't when I tried it before posting this question. – Dan – 2013-12-23T21:45:45.663

If you can run an ssh client on 192.168.1.10, then it's easy. With the standard ssh command-line tool there's an -L option, which does the reverse of -R - it forwards traffic from a local port to a port accessible from the ssh server.

If 192.168.1.10 is a Windows computer, I'd recommend PuTTY, where you can set up these network tunnels through the Settings menu.

tenorkev

Posted 2013-12-23T20:47:26.797

Reputation: 417

The remote host is a camera that runs a small web server on top of something FreeRTOS-based. It doesn't "officially" support shell access, which I'd need to run SSH. I've heard there are firmware hacks that could get me to a shell, but that's more work and potential risk than I'd like to take. – Dan – 2013-12-23T21:23:01.170

Right, I'd got the wrong end of the stick. I'll try again if I can get my head round what is needed. – tenorkev – 2013-12-23T22:14:05.723