Forwarding Specific Ports through SSH Reverse Tunnels


Solution 1

I'm not sure why you are using two separate ssh commands here. If you want to forward port 6600 on the EC2 instance to port 6600 on the machine at home, then all you should need to do is:

ssh -R :6600:localhost:6600 -i .ssh/tokyoMinekey.pem ec2-user@ec2serveraddress

You will also need to make sure that the GatewayPorts option is enabled in the sshd_config file on the EC2 instance.

Obviously you will need to leave that ssh connection open for the port forward to continue working but other than that there shouldn't be any problems.

Solution 2

Could you please provide the output of:

netstat -tulpen

on ec2serveraddress. I expect to see that both tunnels are listening on 127.0.0.1:PORT. 127.0.0.1 is the IP of the local machine itself, not accessible from outside. That means you can access this tunnel from the server itself but not from any other machine...

If this is the case, please add the following to your /etc/ssh/sshd_config:

GatewayPorts yes

This option will create the ports at 0.0.0.0, so you can connect from everywhere. If there are no other reasons for creating two connected tunnels you can of course shrink it to only one:

ssh -R 6600:localhost:22 -i .ssh/tokyoMinekey.pem ec2-user@ec2serveraddress

This will create a tunnel ec2serveraddress:6600 to your home:22.
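Both solutions come down to the same two facts: sshd binds a -R listener to loopback unless GatewayPorts allows otherwise, and netstat -tulpen on the EC2 host shows which address it actually chose. The script below is an added example, not code from either answer or from the original poster. expected_bind applies the ssh(1)/sshd_config(5) rules for where the listener will bind, and also covers the clientspecified value that neither answer mentions; listener_scope classifies netstat -tulpen output for a given port. The netstat lines are constructed sample data, not the gist linked in the comments, and 10.0.1.5 in the usage lines is a made-up interface address.

```shell
#!/bin/sh
# Added example (not from the original answers). Two helpers for the situation
# in the thread: (1) work out where sshd will bind a -R forward, given the
# server's GatewayPorts setting and the bind_address the client asked for;
# (2) read `netstat -tulpen` output and report whether a port is reachable
# from outside. The netstat text below is constructed sample data, not the
# real output from ec2serveraddress.

# expected_bind GATEWAYPORTS REQUESTED
#   GATEWAYPORTS: the sshd_config value (no | yes | clientspecified)
#   REQUESTED:    the bind_address part of "-R [bind_address:]port:host:hostport";
#                 pass "-" when the client omitted it (-R 6600:localhost:22),
#                 "" when it wrote a leading colon (-R :6600:localhost:22).
# Prints the address sshd will listen on, or "refused" where ssh(1) says the
# request will fail (a non-loopback bind_address while GatewayPorts is no).
expected_bind() {
  gw=$1; req=$2
  case "$gw" in
    yes)                                  # server forces the wildcard address
      echo 0.0.0.0 ;;
    no)
      case "$req" in
        -|localhost|127.0.0.1) echo 127.0.0.1 ;;
        *)                     echo refused ;;
      esac ;;
    clientspecified)                      # the client chooses
      case "$req" in
        -)      echo 127.0.0.1 ;;         # omitted: loopback default
        ""|'*') echo 0.0.0.0 ;;           # leading colon or '*': all interfaces
        *)      echo "$req" ;;            # explicit address
      esac ;;
    *)
      echo "unknown GatewayPorts value: $gw" >&2; return 1 ;;
  esac
}

# listener_scope PORT   (reads `netstat -tulpen` output on stdin)
# Prints "all" if any LISTEN socket on PORT is bound to a wildcard address
# (0.0.0.0 or ::), the address itself if it is bound to one specific interface,
# "loopback" if it only listens on 127.x / ::1, or "none" if nothing listens.
listener_scope() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, a, ":")                       # last field is the port
      if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::")      { wild = 1 }
      else if (addr ~ /^127\./ || addr == "::1")  { loop = 1 }
      else                                        { spec = addr }
    }
    END {
      if (wild)      print "all"
      else if (spec) print spec
      else if (loop) print "loopback"
      else           print "none"
    }'
}

# Constructed sample: the symptom described in the thread. The home machine ran
# "ssh -R 6600:localhost:22 ..." against a server with the default
# "GatewayPorts no", so sshd bound 6600 to loopback only.
SAMPLE_LOOPBACK='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          11901      1203/sshd
tcp        0      0 127.0.0.1:6600          0.0.0.0:*               LISTEN      500        23411      2988/sshd: ec2-user
tcp6       0      0 :::22                   :::*                    LISTEN      0          11903      1203/sshd
tcp6       0      0 ::1:6600                :::*                    LISTEN      500        23412      2988/sshd: ec2-user'

# Constructed sample: the same forward after "GatewayPorts yes" (or
# clientspecified plus a leading colon). Anything the EC2 security group lets
# through on 6600 now reaches home:22.
SAMPLE_WILDCARD='Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:6600            0.0.0.0:*               LISTEN      500        23520      3012/sshd: ec2-user
tcp6       0      0 :::6600                 :::*                    LISTEN      500        23521      3012/sshd: ec2-user'

# On the real server: netstat -tulpen | listener_scope 6600
printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 6600   # loopback
printf '%s\n' "$SAMPLE_WILDCARD" | listener_scope 6600   # all
expected_bind no  -                                      # 127.0.0.1
expected_bind no  ""                                     # refused
expected_bind yes -                                      # 0.0.0.0
expected_bind clientspecified ""                         # 0.0.0.0
expected_bind clientspecified 10.0.1.5                   # 10.0.1.5
```

GatewayPorts yes is a server-wide setting: it exposes every remote forward of every user on that sshd, and since the EC2 security group in this thread already admits port 6600 from anywhere, the home machine's port 22 becomes an internet-facing SSH service the moment the tunnel is up. GatewayPorts clientspecified with an explicit bind address is the narrower choice, and keeping the listener on loopback and chaining through the EC2 host instead (ssh -J ec2-user@ec2serveraddress -p 1337 localhost, with OpenSSH 7.3 or later) keeps it off the internet entirely. Whichever you pick, run the home-side ssh with -N so no shell is opened and set ServerAliveInterval so a dead tunnel is noticed and can be restarted.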



Prakash Kansurkar

2LT in the USAF, Coding for resume and fun

Updated on September 18, 2022

Comments

  • Prakash Kansurkar (almost 2 years)

    So unfortunately I live in a place that will not let me have a static IP, so I have been setting up access to my home computer via reverse SSH tunnels that run on a micro Amazon EC2 instance. I have gotten SSH to work fine, but I cannot figure out port forwards.

    Here is a small infographic I made to help illustrate (I felt the question was clearer with a diagram of what I was trying to do).

    Here are the commands listed in the graphic:

    I run the following on my home computer:

    ssh -R 1337:localhost:22 -i .ssh/tokyoMinekey.pem ec2-user@ec2serveraddress
    

    and I run this on the ec2 server:

    ssh -L6600:localhost:6600 -Nf localhost -p 1337
    

    diagram of my pain...in paint AHHHHHH YEAHHHHHH!

    FYI, I have added port 6600 to my security group for Amazon EC2, so it's open on the EC2 side.

    • Admin (about 13 years)
      I have a similar setup (I think) that allows me to connect to my mac at home via VNC... I use a server in the middle and push everything through ssh. Office Win7 machine tunnels into the server and the home MacOS machine tunnels into the server, then on the office Win7 machine I launch a VNC client and connect to localhost:customport... maybe the tunnel on your EC2 instance should actually be initiated by your client?
  • Prakash Kansurkar (about 13 years)
    gist.github.com/1053579 is what happens when I type "netstat -tulpen" on ec2 after running "ssh -R :6600:localhost:6600 -i .ssh/tokyoMinekey.pem ec2-user@ec2serveraddress" on my home machine.
  • Prakash Kansurkar (about 13 years)
    I got it working!
  • Bryan P (over 9 years)
    Why does your simple ssh call use no preceding colon in ssh -R 6600:localhost:22 ..., when the answer from @TomH has one (ssh -R :6600:localhost:22 ...)? Is there any difference?