SSH hackery

This one goes out to my geek homies:


I have a customer who opened up their firewall in the dead minimal manner to allow me access. They gave me port 22 (ssh) inbound from a particular IP (our corporate server). This meant that I could get in and poke around, but web access was denied me. Normally in such situations, I use a single ssh redirection, like so:

ssh -L 8080:their.server:80 my.server

This sets up a tunnel from port 8080 on my laptop to port 80 (the web port) on their server. I go to http://localhost:8080, and I see their web server. Their firewall allows this because they only ever see inbound requests from my corporate server, on port 80. It’s all nice and secure, because I still need an account on my.server to set up the connection.

However, in this case, I needed to take another step. Their firewall was blocking port 80 across the board. So, I set up a chain of tunnels:

ssh -L 8080:my.server:8081 my.server
ssh -L 8081:their.server:80 their.server

The first line sets up a tunnel to port 8081 on my server. So, I go to http://localhost:8080 and it goes to an unused port on my corporate server. The second line, run on my.server, forwards that via ssh to port 80 on their server. It gets past their firewall, because I’m connecting through port 22. Their webserver sees the requests coming from *itself*, which is totally cool. Again, still all nice and secure, since I’m connecting through ssh.

I feel that this is ninja.
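
A check for the listeners these tunnels open, added here as an example and not part of the original post: `ssh -L` binds its listening port to loopback by default, and the script below flags any ssh client listener bound more widely (for example after `-g`), since anyone who can reach that port rides the tunnel without an account. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ssh -L listeners that are reachable from the network.
# Input is the output of `ss -H -ltnp` (iproute2), one socket per line:
#   State Recv-Q Send-Q Local:Port Peer:Port Process
# Run ss as root, otherwise the Process column is empty for other users.

# find_exposed_forwards (hypothetical helper name): reads ss output on stdin
# and prints "address:port pid" for every listener owned by the ssh client
# whose local address is not loopback. sshd itself is deliberately ignored.
find_exposed_forwards() {
    awk '
        $1 == "LISTEN" && $6 ~ /\(\("ssh",/ {
            addr = $4
            # 127.x and [::1] are the default bind addresses for ssh -L.
            if (addr ~ /^127\./ || addr ~ /^\[::1\]:/) next
            pid = $6
            sub(/.*pid=/, "", pid)   # drop everything up to the pid value
            sub(/,.*/, "", pid)      # drop everything after it
            print addr, pid
        }'
}

# Constructed sample: one default (loopback) forward on 8080, one forward
# on 8081 bound to all interfaces, and the normal sshd listener on 22.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=4121,fd=5))
LISTEN 0 128 [::1]:8080 [::]:* users:(("ssh",pid=4121,fd=4))
LISTEN 0 128 0.0.0.0:8081 0.0.0.0:* users:(("ssh",pid=4188,fd=5))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
EOF
}

# On a live host: ss -H -ltnp | find_exposed_forwards
sample_ss_output | find_exposed_forwards
```

An empty result means every forward on the host is loopback-only; this covers `-L` listeners held by the ssh client, not `-R` listeners, which belong to sshd.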
