SSH Reverse Tunnel to Access Box Behind Firewall
I frequently need to get access to a machine behind a firewall to do some web development, but I don’t have a VPN available. Not a problem - just use a reverse SSH tunnel. By the end of this tutorial, we’ll be able to SSH to the remote server, as well as view any web pages that server has access to.
We’re going to connect to the remote server using our local port 5000 - here’s how.
The 2 boxes we’ll use will be my.home.com (also referred to as localhost) and my.remote.com. We’re assuming you somehow have access to my.remote.com - maybe while at work or through some tool like Citrix. You might want to add monitoring to this to make it stable, but that’s outside the scope of this tutorial. Also, you’ll need direct outside access to your home machine - so you might need to configure your router to do port forwarding.
- First, from the remote server, SSH back to yourself.
ssh -R 5000:localhost:22 email@example.com
You can now SSH to the remote box through the tunnel by typing
ssh localhost -p 5000
All local traffic that connects to port 5000 is being forwarded via SSH through your reverse tunnel, back to port 22 on the remote machine.
The other half of the problem is viewing web pages of dev boxes behind the firewall - it turns out this is pretty easy once you’ve got the reverse proxy going.
On your home machine type the following:
ssh -D 9999 username@localhost -p 5000
Next, you’ll need to set up a SOCKS proxy. Open your browsers settings and it to the server “localhost” on port 9999. This will forward your traffic back through the tunnel and to the remote server. I do this using FoxyProxy & Firefox, so I can limit the domains that actually route through the proxy.
That’s about it - you should now be able to visit any site that’s in the private network. You now have command line and full browser access.