Winding through – ssh tunnels

Avoided it for a couple of hours, but after looking it up it wasn’t that hard after all.

Summary:

I needed to connect to a client’s broadband modem to do some maintenance. Unfortunately we’ve set the client up such that administrating the modem is only possible ‘from inside’ the client’s side of the cable modem.

The 2nd problem is that the modem is administered through a web interface so the question is, how can I securely get Internet Explorer to connect through a machine on the inside back to this modem ?

In fact, only one machine on the network can access the modem.

I was side-tracked with another problem using tunnels, but the solution for this particular scenario was relatively simple.

ssh –L local-port:modem-ip:modem-port internal-host

local-port is the port on my local machine that I will point the browser to (for example: http://localhost:local-port)

modem-ip is the IP address for the modem, from the internal-host. For example, a non-routeable/private IP address such as 172.16.11.1.

modem-port. The port on the modem where the web interface is listening. For example 80 or 443

internal-host is the Host inside the network to which I can jump to from the outside (usually a machine with a public-ip)

ssh –L 4321:172.16.11.1:80 host.example.org

I can access the modem by starting up Internet Explorer and using the address http://localhost:4321

ssh –L 4322:172.16.11.1:443 host.example.org

I can now access the SSL secured interface by using the address https://localhost:4322

Using the above scenario you can supposedly daisy-chain (connect from one server to the next) by having multiple terminals making one link to the next.

There’s also some ssh fu where you can chain from one machine to the next to the next on a single command-line, but we’ll leave that for another day.