-1

I have a Linux server which only opens two ports for public:

remote-server-ip : 1111
remote-server-ip : 2222

We have a web application in the server which use 3333 port and can't be changed.

So, to be briefly what I need is:

  1. In a public network, use browser visit http://remote-server:1111 or http://remote-server:2222.
  2. The remote server access my request and forward my request to port 3333.
  3. Response my request.

I thought ssh forwarding should do this. But what exactly should I do to make it ?

I have tried this in the remote-server : 

ssh -N -L 1111:127.0.0.1:3333 127.0.0.1

But it doesn't work at all, nothing happened.

WoooHaaaa
  • 1,605
  • 4
  • 15
  • 13
  • 3
    This question appears to be off-topic because it is about defeating local security settings. – MadHatter Aug 29 '13 at 08:25
  • Can you make it clear ***WHY*** you want to do this (as opposed to just opening another port)? This does tread dangerously close to "circumvention of security or policy", which is an explicitly out-of-bounds topic area on Server Fault (we're not going to help you break out of another sysadmin's security, we wouldn't appreciate it if they helped you break out of ours!) – voretaq7 Aug 29 '13 at 15:50
  • You should check out what exactly ssl -L does. It's probably only listening on loopback. – Falcon Momot Aug 29 '13 at 20:53

2 Answers2

2

What did you expect to happen?

That said, you have ssh'ed from the remote server to the remote server while forwarding ports on the remote server, which although it will work, may not produce the results you expect. Try:

desktop% ssh -N -L 26622:localhost:3333 remote.server.address

and then access localhost:26622 from desktop; that should connect you to remote.server:3333.

Edit: that's not how ssh forwarding works, and it's not what it's for. You need to talk to the sysadmin who maintains the firewall on remote.server, if you want to open up a port for the inbound internet. Also, I'm afraid questions about defeating security provisions are generally considered off-topic for Server Fault.

MadHatter
  • 79,770
  • 20
  • 184
  • 232
  • I need to access the remote server's 3333 port via `http://remote.server:3333`, from a public network. I can't access `remote.server:3333` directly since it only opens `1111` and `2222` for public. – WoooHaaaa Aug 29 '13 at 08:21
2

This sound more like the need for a local proxy.

The solution I use is based on Apache httpd. Externally only port 80 can be accessed but the internal web application listens on port 8080. If you can set up an apache with the following config it shold work:

Listen 1111

ProxyRequests Off

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>


<VirtualHost *>
    Servername localhost
    ProxyPass   /   http://localhost:3333/
    ProxyPassReverse   /   http://localhost:3333/
</VirtualHost>
dweisser
  • 21
  • 3