SSH Reverse Tunnel to Access Box Behind Firewall

I frequently need to get access to a machine behind a firewall to do some web development, but I don’t have a VPN available. Not a problem - just use a reverse SSH tunnel. By the end of this tutorial, we’ll be able to SSH to the remote server, as well as view any web pages that server has access to.

We’re going to connect to the remote server using our local port 5000 - here’s how.

The 2 boxes we’ll use will be (also referred to as localhost) and We’re assuming you somehow have access to - maybe while at work or through some tool like Citrix. You might want to add monitoring to this to make it stable, but that’s outside the scope of this tutorial. Also, you’ll need direct outside access to your home machine - so you might need to configure your router to do port forwarding.

  1. First, from the remote server, SSH back to yourself.

ssh -R 5000:localhost:22

You can now SSH to the remote box through the tunnel by typing

ssh localhost -p 5000

All local traffic that connects to port 5000 is being forwarded via SSH through your reverse tunnel, back to port 22 on the remote machine.

The other half of the problem is viewing web pages of dev boxes behind the firewall - it turns out this is pretty easy once you’ve got the reverse proxy going.

On your home machine type the following:

ssh -D 9999 username@localhost -p 5000

Next, you’ll need to set up a SOCKS proxy. Open your browsers settings and it to the server “localhost” on port 9999. This will forward your traffic back through the tunnel and to the remote server. I do this using FoxyProxy & Firefox, so I can limit the domains that actually route through the proxy.

Screen shot 2010-03-04 at 2.23.30 PM.png

That’s about it - you should now be able to visit any site that’s in the private network. You now have command line and full browser access.

Helpful references:

embrace ubuntu