
How to SSH tunnel from the Internet to a server behind a firewall, via the firewall

From How2s

Let's say you have the following setup:


YOU --- ( internet ) --- FIREWALL --- DESTINATION

and you want to drag'n'drop files from YOU to DESTINATION. What you'd have to do is create an SSH tunnel from YOU via the Internet and the Firewall to the destination.

You can do this by running the following SSH commands on a Unix-based system (for example Mac OS X):

1.) Create the tunnel

ssh -N -L 1100:DESTINATION_IP:22 user@FIREWALL_IP

2.) Connect to localhost (which will then be forwarded to DESTINATION via FIREWALL)

ssh localhost -l user -p 1100

That's it, you're done.

Explanation:

  • 1100 is an arbitrary local port of your choice. Connections to it will be forwarded to port 22, the SSH port of DESTINATION.
  • -N means do not execute a remote command. This is useful when you only want to forward ports.
  • -L Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
  • DESTINATION_IP is an internal IP starting with either 10., 192., or 172. It can also be an internal domain name (for example webserver.local)
  • FIREWALL_IP is the public IP of the firewall. This can also be a normal domain name of course.
  • If you use SSL, you might have to use port 443 as the local port, which requires root (administrator) rights on your local machine.
  • If you use SSL, the server may require the correct domain name (e.g. webserver.local). If it checks the domain name, you'd have to amend your hosts file for this to work:
127.0.0.1   webserver.local
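
The two commands from steps 1 and 2 with stricter options, as an added example that is not part of the original page. The function names are hypothetical and the sample addresses are constructed; -L with an explicit bind address, ExitOnForwardFailure and HostKeyAlias are standard OpenSSH options.

```shell
#!/bin/sh
# Added example: hardened variants of the two commands from steps 1 and 2.
# Function names are hypothetical; sample addresses below are constructed.

# valid_port PORT: succeeds if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# needs_root PORT: succeeds if binding PORT locally needs root (below 1024),
# which is why forwarding local port 443 requires administrator rights.
needs_root() { [ "$1" -lt 1024 ]; }

# tunnel_cmd LOCAL_PORT DESTINATION_IP USER FIREWALL_IP
# Prints the step 1 command. The listener is bound to 127.0.0.1 explicitly,
# independent of any GatewayPorts setting, so other hosts cannot use the
# forward. ExitOnForwardFailure makes ssh exit instead of running without
# the forward if the local port is already taken.
tunnel_cmd() {
    valid_port "$1" || { echo "invalid local port: $1" >&2; return 2; }
    if needs_root "$1" && [ "$(id -u)" -ne 0 ]; then
        echo "port $1 needs root; pick a port >= 1024" >&2
        return 3
    fi
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:22 %s@%s\n' \
        "$1" "$2" "$3" "$4"
}

# connect_cmd LOCAL_PORT DESTINATION_NAME USER
# Prints the step 2 command. HostKeyAlias stores and checks DESTINATION's host
# key under its own name rather than under "[localhost]:PORT", so reusing the
# port for another destination does not produce a host key mismatch.
connect_cmd() {
    valid_port "$1" || { echo "invalid local port: $1" >&2; return 2; }
    printf 'ssh -o HostKeyAlias=%s -p %s -l %s localhost\n' "$2" "$1" "$3"
}

# Constructed sample values: 10.0.0.5 (DESTINATION_IP), fw.example.com (FIREWALL_IP).
tunnel_cmd 1100 10.0.0.5 user fw.example.com
connect_cmd 1100 10.0.0.5 user
```

Run the first printed command in one terminal and the second in another; on the first connection, verify the host key fingerprint shown against DESTINATION's real key before accepting it.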