Let’s say you have a server (server1) running a web app on port 9080 inside a firewalled vlan (vlan 1). Only ssh traffic on port 22 is allowed into this vlan, and only from a second management vlan (vlan 2). You are not in either of these vlans, but you can access a machine (server2) inside vlan 2.

Now, you need to access the web app. The solution is to use SSH tunnels, chaining a tunnel from your machine to server2 in vlan 2, and then from that machine to the application server (server1) in vlan 1.

Use the following command to pull this off. The proxycommand logs in to server2 and runs netcat there to relay the SSH connection on to server1 (%h and %p expand to the target host and port), and -L forwards port 9080 on your machine to port 9080 on server1:

ssh -oproxycommand="ssh -qaxT server2 netcat %h %p" -L 9080:localhost:9080 server1

Now, you can access the web app from a browser by visiting the following URL: http://localhost:9080/.

If you need additional ports to be forwarded, add them by modifying the command as follows:

ssh -oproxycommand="ssh -qaxT server2 netcat %h %p" -L 9080:localhost:9080 -L 9043:localhost:9043 -L 9060:localhost:9060 server1

This comes from O’Reilly’s “SSH, The Secure Shell: The Definitive Guide”, aka the snail book.
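
The same chained tunnel can be kept in ~/.ssh/config so the forwards are declared once and bound to loopback only. This is an added example, not from the original post or the book; it assumes an OpenSSH client new enough to support ProxyJump (7.3 or later), and the alias webapp-tunnel is hypothetical.

```sshconfig
# Added example, not from the original post. Place in ~/.ssh/config.
# server1, server2 and the ports are the post's; "webapp-tunnel" is a made-up alias.

Host server2
    # Jump host in vlan 2: it only relays, so forward nothing to it
    ForwardAgent no
    ForwardX11 no

Host webapp-tunnel
    HostName server1
    # Replaces the proxycommand/netcat hop; no netcat needed on server2
    ProxyJump server2
    ForwardAgent no
    ForwardX11 no
    # Bind each listener to loopback explicitly so other machines on your
    # network cannot connect through the tunnel
    LocalForward 127.0.0.1:9080 localhost:9080
    LocalForward 127.0.0.1:9043 localhost:9043
    LocalForward 127.0.0.1:9060 localhost:9060
    # Abort if any local port is already in use instead of running
    # with only some of the forwards in place
    ExitOnForwardFailure yes
    # The session exists only for the forwards: no TTY
    RequestTTY no
    # Detect a dead tunnel rather than leaving a stale listener
    ServerAliveInterval 30

# Usage: ssh -N webapp-tunnel   (then browse to http://localhost:9080/)
```

ProxyJump relies on TCP forwarding being permitted by sshd on server2, whereas the netcat form relies on being allowed to run a command there; which one works depends on how server2 is locked down.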
