LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 07-08-2017, 01:32 PM   #1
wolfsden3
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Rep: Reputation: Disabled
SSH proxy help with clients remoting


I'm having a hard time understanding how to set this process up. I'm having a hard time understanding the -R and -L options with ssh clients.

My goal: Proxy an SSH connection from a dedicated little Linux box that's continuously connected via SSH to a publicly available server to an internal resource on a corporate LAN.

Setup:

[Private Server]:192.168.1.2:80 <-- "LAN Server" Web Server
[A linux box with SSH]:192.168.1.3 <-- "LAN Host" Linux Box
^- private IPs (192.168.1.x)
{router} & {Internet}
[Public Server]:x.x.x.x:22 <-- Publicly available SSH server
[Laptop from an end user]: Could be anywhere...coffee shop for example

Desired effect:

Private Server <-- LAN Host --> ssh to Public Server <-- Laptop ssh into Public Server, accesses resource on: http://localhost:xxxx

I want the Laptop online to be able to ssh into a publicly available server which port forwards to a port on the LAN host which is also connected to the server and then the LAN host forward whatever port works to port 80 on the internal LAN web server.

I understand VPN and port forwards...I can do all that but for this example I am working on a different project where I need this type of setup...this is only an example.

I thought what I was to do is:

LAN Host --> Public Server: ssh -R 12000:192.168.1.2:80 -p 22 user@pub.lic.ip.addy
* Connects to the public server and reverse forward port 12000 to 192.168.1.2:80 (www)

Laptop --> Public Server: ssh -L 12001:localhost:12000 -p 22 user@pub.lic.ip.addy

Result: The "Public Server" is now connected to both hosts and if you go to: http://localhost:12001 it reverse redirects you to the LAN host's port 12000 which is redirecting you to the 192.168.1.2:80

...it doesn't seem to work though.

I'm still playing around with it but I'm hoping to get some help on this advanced type of config.

Thanks!
 
Old 07-08-2017, 01:43 PM   #2
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,000
Blog Entries: 3

Rep: Reputation: 3632
I'm trying to visualize your setup. How close is the following to what you have?

Code:
[Laptop] --- Internet --- [Public Server] --- [Linux Box .3] --- [Private Server .2]
Can [Public Server] reach both [Linux Box .3] and [Private Server .2]? Or just the former?
Which machines have sshd running?
 
Old 07-08-2017, 02:36 PM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 24,708

Rep: Reputation: 5591
It appears the OP is trying to circumvent a corporate firewall by using a reverse ssh tunnel.

This could be a violation of your corporate employee internet usage policies and outgoing traffic on port 22 could be blocked. Anything that goes against the corporate rules could also be considered going against the LQ rules...

You can find examples of how to bypass a firewall using ssh by just googling.
 
Old 07-08-2017, 02:46 PM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,000
Blog Entries: 3

Rep: Reputation: 3632
Depends on the company and the setup and who's in charge and what the agreements are. It's a perfectly reasonable arrangement for telecommuting when telecommuting is allowed. Devel machines should never be on the open net anyway so tunneling is one good way of working on them. I used a somewhat similar set up legitimately last week for some experiments but with a SOCKS5 proxy to the inside instead.
 
Old 07-08-2017, 02:48 PM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 24,708

Rep: Reputation: 5591
I agree. The company I worked for blocked everything...
 
Old 07-09-2017, 08:10 AM   #6
wolfsden3
LQ Newbie
 
Registered: Jun 2012
Posts: 9

Original Poster
Rep: Reputation: Disabled
Fixed

I figured it out. It's not a corporate violation, I own the joint LOL.

Here's the "fix":

On your client machine INSIDE your company you ssh to your publicly available ssh server which has to have the /etc/ssh/sshd_config file set with the "GatewayPorts yes" option in the sshd_config file > restart sshd & ssh (on Ubuntu it's: "service sshd restart" or "service ssh restart"):

Code:
ssh user@pub.lic.ip.addy -R 12000:192.168.1.2:80
* Breakdown: the "-R" is the reverse port so on the server you're ssh'd into it creates a listening port on the public SSH server. That listening port is mapped to the internal IP address of the resource you need like the web server on port 80. So your internal linux box is basically creating a proxy port to the web server through it.

On your client machine OUTSIDE your company you ssh to your publicly available ssh server and you use this string:

Code:
ssh user@pub.lic.ip.addy -L 12001:localhost:12000
* Breakdown: The "-L" is localhost to your machine so you're tunneling port 12001 which maps to the 12000 local port on the public server which is tied from our previous connection to the other -R connected "proxy" box.

On the client machine you then open up your web browser and you type in: http://localhost:12001. It works!

This can also be done for RDP or any other protocol you need to work over this proxy type model. If I needed RDP I'd do this:

My proxy box / INSIDE machine:
Code:
ssh user@pub.lic.ip.addy -R 12000:192.168.1.2:3389
My client machine / OUTSIDE machine:
Code:
ssh user@pub.lic.ip.addy -L 12001:localhost:12000
Code:
 Open RDP and use for the host name:  localhost:12000
It works. I couldn't get a clear understanding and had to take a break from it and further process it in my head, look at a few other examples I had in my stack of stuff that worked at one time. I never used the -R option and it just took a while to sink in.

Thanks all.

Oh...and by the way. IF you change your public server to listen with SSH on port 80 no corporate firewall will block this method...I'm in no way condoning using this method as a hacking tool. In my use case I am using port 80, so my ssh command also used the "-p 80" option to tunnel ssh through port 80 because no corporation blocks port 80 or 443 and they also almost 100% of the time don't have IDS looking at the packet streams to see if you're running anything else through port 80 besides http :-)

Last edited by wolfsden3; 07-09-2017 at 08:13 AM.
 
Old 07-09-2017, 11:39 AM   #7
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,000
Blog Entries: 3

Rep: Reputation: 3632
Excellent. Reverse tunneling is a little confusing at first.

Quote:
Originally Posted by wolfsden3
set with the "GatewayPorts yes" option
It would be a better idea to set that to "no" so that foreign hosts cannot connect to the ports you have forwarded. See "man sshd_config"

The chaining of forwarded ports should work without changing GatewayPorts to "yes" because you are connecting to the machine in the middle via the local host from both the machine outside (via -L) and the machine inside (via -R).
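An added example (not code from the thread) for the chained -R/-L setup in post #6 and the GatewayPorts point in post #7: it reads the effective GatewayPorts value out of an sshd_config and builds both ssh command lines with explicit loopback bind addresses, so each forwarded port is reachable only from the machine that runs the listener. The config text is constructed, and the user@pub.lic.ip.addy, 192.168.1.2 and port numbers are taken from the thread as placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: check the public server's GatewayPorts
# setting and build the inside (-R) and outside (-L) ssh command lines.

# sshd honours the FIRST GatewayPorts line it sees; the default is "no".
# Reads an sshd_config on stdin; Match blocks are not handled here.
effective_gateway_ports() {
    awk 'tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# Inside machine: -R with bind address 127.0.0.1. With GatewayPorts "no" sshd
# binds to loopback regardless; "clientspecified" honours this address;
# "yes" forces the wildcard address and exposes the port to other hosts.
inside_cmd() {   # $1 user@public, $2 public port, $3 lan host, $4 lan port
    printf 'ssh -N -R 127.0.0.1:%s:%s:%s %s' "$2" "$3" "$4" "$1"
}

# Outside machine: -L bound to the laptop's loopback, pointing at the public
# server's loopback port that the -R above created.
outside_cmd() {  # $1 user@public, $2 laptop port, $3 public port
    printf 'ssh -N -L 127.0.0.1:%s:127.0.0.1:%s %s' "$2" "$3" "$1"
}

# Constructed sample sshd_config (not from the page); the commented line is
# ignored and the first active line wins.
sample_cfg='Port 22
#GatewayPorts yes
GatewayPorts clientspecified
GatewayPorts yes'

gp=$(printf '%s\n' "$sample_cfg" | effective_gateway_ports)
echo "effective GatewayPorts: $gp"   # clientspecified
if [ "$gp" = "yes" ]; then
    echo "warning: -R listeners will bind on all interfaces of the public server"
fi
inside_cmd  user@pub.lic.ip.addy 12000 192.168.1.2 80; echo
outside_cmd user@pub.lic.ip.addy 12001 12000; echo
```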
 