[PLUG] Reverse SSH tunneling with HTTP proxy
Rodney W. Grimes
freebsd at gndrsh.dnsmgr.net
Sun Jul 7 23:44:04 UTC 2019
> Hello,
>
> I'm very possibly going about this the wrong way. I've tried all manner of
> search terms that I can think of with variations of what I put in the
> subject line.
>
> Basically, for a long time it worked very well to just open an SSH
> tunneling command to connect to the network at my dad's house to do
> maintenance on the computers/networking equipment there. All was good until
> he either changed providers or just had problems with his equipment. Either
> way, he got a new modem, and instead of replacing his existing all-in-one
> modem and router, he and/or the tech decided it would be safer to just add
> the new modem upstream of the existing one, and just have two NAT
> translations happening. This broke my port forwarding that I had working,
> so I had to change how I got access. I don't know if he even has access to
> the settings in the new modem - it's a Comcast thing, and he's not sure,
> and I think he's also a little uneasy about the idea of changing anything,
> since it's now working well and he went for a while with having things be
> really flaky.
>
> So to keep his stress level low, the first time afterwards that I went out
> there I got onto the linux server that I have running there and set up a
> persistent reverse SSH tunnel using autossh. It works great, and all I have
> to do from my local server machine is run 'ssh -p 2222 localhost' and I get
> connected and everything is good.
>
> However, to do a fix for a current problem, I need to get http access to a
> server running on that same machine. All of the logs make it look like it's
> running fine, but they're reporting that something isn't right. Before, I
> could set up a tunnel and use a proxy command to then connect from a local
> machine to a port on the server at my dad's house and do whatever amount of
> troubleshooting I needed. With the new reverse tunnel set up, it doesn't
> seem to be accepting the proxy traffic, and I have no idea why.
>
> Dad's server --- Dad's old modem/router --- Dad's new modem --- internet ----
> my modem/router --- my server --- my laptop
>
> So I want to use firefox on my laptop to view content served from my dad's
> server, but the only possible connection is currently through a reverse ssh
> tunnel set up on my server. It seems like this must be a somewhat basic
> thing to do, as all I want is for traffic sent to a chosen port on my
> server to be rerouted through the existing SSH tunnel and then appear to
> originate on my dad's private network so that it can then query the http
> server and send the response back through the tunnel.
>
> But maybe I'm trying to do this the hard way and there's a simpler
> solution? Maybe I just don't know the right search terms to use? I could be
> calling these things the wrong names. It's a bit of a drive to get out
> there in person, and I'd like to get this running before the next time that
> I'm planning to be there anyway, if possible.

One thing that is kinda sick, but came to mind as a quick and
dirty would be to run a forward ssh on top of your reverse
ssh with the proper -L options to get you a local port
pointing at the remote http server.

I do not think you're going to get a reverse ssh to do what you
need, but then again, I am not one to use reverse ssh :-)

> Thanks!
> Erik
--
Rod Grimes rgrimes at freebsd.org
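
The forward-over-reverse setup suggested in the reply, written out as an OpenSSH client configuration for the laptop. This is an added example, not part of the original thread: port 2222 is the reverse-tunnel port from the question, while the host aliases, the user name, my-server.example.net and the HTTP ports (80 on dad's server, 8080 on the laptop) are assumptions.

```sshconfig
# ~/.ssh/config on the laptop (added example; names and HTTP ports are assumed)

# The middle machine ("my server"), where autossh's reverse tunnel listens on 2222.
Host my-server
    # Placeholder address and hypothetical account.
    HostName my-server.example.net
    User erik

# Dad's server, reached by running a forward ssh on top of the reverse tunnel.
Host dad-server
    # With ProxyJump, "localhost" is resolved on my-server, so this
    # connects to the reverse tunnel's listener there, not to the laptop.
    HostName localhost
    Port 2222
    User erik
    ProxyJump my-server
    # Store this host key under its own name so it is not confused with
    # other "[localhost]:2222" entries in known_hosts.
    HostKeyAlias dad-server
    # Laptop 127.0.0.1:8080 -> port 80 as seen from dad's server.
    # Binding to 127.0.0.1 keeps the forward off the laptop's LAN.
    LocalForward 127.0.0.1:8080 127.0.0.1:80
    # Fail the connection instead of running without the forward.
    ExitOnForwardFailure yes
    # Notice a dead path through the two NAT layers instead of hanging.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

With this in place, `ssh -N dad-server` on the laptop holds the forward open and Firefox can load http://127.0.0.1:8080/. The HTTP server is reachable only from the laptop's loopback interface for as long as that session runs.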