Well, referring back to this question, I am running the command
ssh -R 8080:localhost:80 -N root@example.com
on a Mac. Yet the port that is being tunneled is not working publicly. I am running such a command to make it so that the local port can be opened on the remote computer. And it does work when opening the port on localhost on the remote computer, but when I try to access the public IP address of the remote computer from my local computer the port doesn’t seem to be open. How would I make the tunnel public on the IP for anyone to access?
EDIT: It seems as if the remote side binds only on localhost instead of to all interfaces.
EDIT 2: The client is Mac OS X 10.6 and the server is Linux Mint, but they’re both OpenSSH.
Answer
If you check the man page for ssh, you'll find that the syntax for -R reads:
-R [bind_address:]port:host:hostport
When bind_address is omitted (as in your example), the port is bound on the loopback interface only. In order to make it bind to all interfaces, use
ssh -R \*:8080:localhost:80 -N root@example.com
or
ssh -R 0.0.0.0:8080:localhost:80 -N root@example.com
or
ssh -R "[::]:8080:localhost:80" -N root@example.com
The first version binds to all interfaces individually. The second version creates a general IPv4-only bind, which means that the port is accessible on all interfaces via IPv4. The third version is probably technically equivalent to the first, but again it creates only a single bind to ::, which means that the port is accessible via IPv6 natively and via IPv4 through IPv4-mapped IPv6 addresses (doesn't work on Windows, OpenBSD). (You need the quotes because [::] could be interpreted as a glob otherwise.)
Note that if you use OpenSSH sshd server, the server's GatewayPorts option needs to be enabled (set to yes or clientspecified) for this to work (check file /etc/ssh/sshd_config on the server). Otherwise (default value for this option is no), the server will always force the port to be bound on the loopback interface only.
No comments:
Post a Comment