Working from home + ssh tunnels = Instant win!

Since I have to get out to Hankø as soon as possible after work today to help the re-bolting guys, I decided to work from home to save some time (the train ride to work lasts for one hour). When I sat down to give some of our consultants some more tickets on our Trac, I remembered that I could no longer reach our internal development machine via the firewall at work because of some ongoing network changes. The firewall at work has a port that is forwarded to port 22 on our development machine so we can more easily access the machine, but that is no longer an option since access to the firewall is restricted.

I tried to access it via some firewalls at our server parks and found one that worked. Now … how can I browse the internal dev machine at work (at port 80) from home, via a firewall at an external server park, via a port on a firewall at work that only forwards to 22 on the development machine?

Enter ssh tunneling!

I will use the following host names on the machines I need to talk to:

Development machine at work: dev
Firewall at work: fw-work (assume port 44444 forwards to dev:22)
Firewall at server park: fw-park

Now … what I want is to browse dev in my browser. First I edit my /etc/hosts file to have dev point to The next thing I need to do is to shut down the local apache process since I want to forward all traffic on port 80 on my localhost through an ssh tunnel. Once that’s taken care of I need to create a tunnel to fw-park using a random port:

ssh -L 2222:fw-work:44444 myusernameatwork@fw-park

Ok … so now I have a port on my machine at home (2222) that goes to port 44444 at the firewall at work (which is forwarded to dev:22) via fw-park. Once I’m connected to fw-park I can test the tunnel by doing:

ssh -p 2222 myusernameatwork@localhost

I enter my password and voila, I’m logged on to dev! So, the last step is to send all traffic on port 80 on localhost through that port so it ends up on port 80 on dev. To do that I issue the following command:

sudo ssh -p 2222 -L 80:dev:80 myusernameatwork@localhost

I need to be root to forward a port below 1024 so I prefix the command with sudo. When I’m logged in I point my browser to http://dev/ and suddenly I can browse the dev machine! Thanks to Mats for helping me out with this one!
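
The same two-hop path can also be written as an OpenSSH client configuration, which avoids running ssh as root and leaves the local Apache alone. This is an added example, not part of the original post; it assumes OpenSSH 7.3 or later on the home machine (for ProxyJump) and that local port 8080 is free.

```sshconfig
# ~/.ssh/config on the home machine.
# Added example: host names, user name and port 44444 are the ones used in the
# post; local port 8080 is an assumption.

# Hop 1: the server-park firewall, reachable directly from home.
Host fw-park
    User myusernameatwork

# Hop 2: dev's sshd, published as port 44444 on the work firewall.
# ProxyJump opens this connection through fw-park, replacing the manual
# "-L 2222:fw-work:44444" tunnel and the second ssh to localhost:2222.
Host dev
    HostName fw-work
    Port 44444
    User myusernameatwork
    ProxyJump fw-park

    # Record and verify dev's host key under the name "dev" instead of
    # "[fw-work]:44444", so a key change on dev is reported against dev.
    HostKeyAlias dev

    # Listen on loopback only, on an unprivileged port: no sudo is needed and
    # nothing else on the home network can use the forward.
    # "dev:80" is resolved on the far side, as in the post's -L 80:dev:80.
    LocalForward 127.0.0.1:8080 dev:80

    # Abort instead of logging in without the forward if 8080 is already taken.
    ExitOnForwardFailure yes

    # Compress the stream (same as the -C command-line flag).
    Compression yes
```

With this in place, `ssh -N dev` brings up the whole chain without starting a remote shell, and the dev web server answers on local port 8080.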


3 Responses to Working from home + ssh tunnels = Instant win!

  1. I’ve been doing this for some time too, Christer. A few times I’ve even tunneled X11 through several SSH hops, so that I could use Evolution to access some calendars and email. But even with today’s broadband access, this is so slow that a heart attack is the likely outcome of prolonged use :-)

  2. christer says:

    @oter: I have been doing it for some time as well, but only via the firewall at work. I could no longer connect directly to it so I had to go via the m323 firewall to get to the firewall at work. It was a bit slower though…

  3. The reason for it all to be dead slow is usually that you forget to add -C to compress the ssh-stream.
