Web-server – tunnel port 8080 over jumpserver using ssh – socks5 proxy

Tags: dmz, socks, ssh-tunnel, web-server

I have this setup:

LocalPC – Jumpserver – Webserver with page only accessible on this machine via

localhost:8080

LocalPC and Webserver are not connected – Jumpserver has to be used.
Jumpserver doesn't have access to the Webpage on Webserver

I want to use Firefox to view this webpage on LocalPC.

I know how to make socks proxy to Jumpserver – normally this is enough but not in this case

ssh -TD 8080 me@jumpserver

and

I know how to tunnel one specific port over Jumpserver

ssh -f -N -q -L 2222:me@target:22 me@jumpserver

But using the first method only makes a tunnel to Jumpserver, and using the second method with ports 8081:me@webserver:8080 doesn't give an error but results in a 404 for

http://localhost:8081 

in Firefox…

So how will I see the website on LocalPC?

And for security reasons:
I need both connections encrypted and let no other users on Jumpserver use the tunnel.

(Sorry for the code blocks – I am not allowed to write the word localhost…)

Best Answer

I didn't know that you could daisy chain ssh tunnels but I just tried it out & it works just fine. This is my test environment

  1. 192.168.1.10 (HearNoEvil) Browser
  2. 192.168.1.20 (SeeNoEvil) Piggy in the middle
  3. 192.168.1.30 (SpeakNoEvil) Server

The daisy chain looks like this

  1. Tunnel

192.168.1.30:8080 <-> 192.168.1.20:8081

SeeNoEvil:~# ssh -f -L 8081:127.0.0.1:8080 user@SpeakNoEvil -N

  2. Tunnel

192.168.1.20:8081 <-> 192.168.1.10:8082

HearNoEvil:~# ssh -f -L 8082:127.0.0.1:8081 root@SeeNoEvil -N

Socks Proxy 127.0.0.1:8082

https://HearNoEvil.testy.test:8082

I'm working of course backwards from the outside in & SpeakNoEvil is my Server. HearNoEvil being my browser. Hope this was helpful. (^_^)
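On the question's requirement that no other users on Jumpserver can use the tunnel, the following is an added example, not part of the original answer. It builds a single `ssh -J` (ProxyJump) command that opens no listening port on the jump server, and classifies `ss -ltnH` output to check where a forwarded port is actually listening. Host names come from the question; local port 8081, the function names and the sample `ss` lines are assumptions, and the jump server is assumed to permit TCP forwarding.

```shell
#!/bin/sh
# Added example. Hosts me@jumpserver / me@webserver come from the question;
# local port 8081 and both function names are assumptions.

# Build a tunnel command that uses -J (ProxyJump, OpenSSH 7.3+). The SSH
# session to the web server is encrypted end to end from LocalPC, the jump
# server only relays it, and the single listener is LocalPC's loopback.
tunnel_cmd() {  # $1=local port  $2=jump host  $3=target host  $4=target port
    printf 'ssh -N -o ExitOnForwardFailure=yes -J %s -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$2" "$1" "$4" "$3"
}

# Read `ss -ltnH` output on stdin and report how TCP port $1 is exposed:
#   none      no listener on that port
#   loopback  listener reachable by every local account on that host
#   exposed   listener reachable from the network as well
listener_scope() {
    awk -v port="$1" '
        {
            n = split($4, parts, ":")            # $4 = Local Address:Port
            if (n < 2 || parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "exposed"
            }
        }
        END { print (scope == "" ? "none" : scope) }'
}

# Constructed `ss -ltnH` samples, not captured from a real host.
JUMP_TWO_HOP='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 128 [::1]:8081 [::]:*'
JUMP_PROXYJUMP='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
LOCAL_GATEWAY='LISTEN 0 128 0.0.0.0:8081 0.0.0.0:*'

tunnel_cmd 8081 me@jumpserver me@webserver 8080
echo "jump server, two-hop chain: $(printf '%s\n' "$JUMP_TWO_HOP" | listener_scope 8081)"
echo "jump server, ProxyJump:     $(printf '%s\n' "$JUMP_PROXYJUMP" | listener_scope 8081)"
echo "LocalPC with -g set:        $(printf '%s\n' "$LOCAL_GATEWAY" | listener_scope 8081)"
```

On a live host, feed the checker with `ss -ltnH | listener_scope 8081`; a result of `loopback` on the jump server means any account logged in there can connect to the forwarded port.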