Connecting to a server behind the firewall

Some of our servers are behind the stadium’s firewalls, and we don’t have control over those firewalls. Our AWS servers, accessible by ssh on the internet, need to connect to our physical servers behind the stadium’s firewall. I found the quickest way with minimum system-wide impact is to use so-called “ssh remote forwarding”.

If we call the host behind the firewall HF and the host in AWS HA, there are two steps to let HA connect to HF’s port 80: 1. HF runs ssh to connect to HA. 2. HA connects to HF by connecting to a local port on HA itself.

Here are the commands:

  1. On HF: ssh -R 8083:localhost:80 HA , which forwards HA:8083 to HF:80.
  2. On HA: point a browser to http://localhost:8083 , which actually connects to HF:80.
  3. Optional: GatewayPorts is needed only if other machines need to connect to HF through HA.
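
To check whether the forwarded port on HA is reachable only from HA itself or also from other machines (the GatewayPorts case in step 3), the following added example, which is not part of the original post, applies the rules documented in sshd_config(5) and ssh(1) to HA's sshd_config and the -R argument. The function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Rules follow sshd_config(5)
# (GatewayPorts) and ssh(1) (-R). Assumptions: only the global section of
# sshd_config is read (stops at the first Match block); no IPv6 bind addresses.

# effective_gateway_ports CONFIG_TEXT -> no | yes | clientspecified
# sshd uses the first value it sees for a keyword; the default is "no".
effective_gateway_ports() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/                    { next }
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print $2; found = 1; exit }
        END                           { if (!found) print "no" }'
}

# listen_scope GATEWAYPORTS R_SPEC -> loopback | all-interfaces | client-chosen:ADDR
# R_SPEC is the argument of ssh -R: [bind_address:]port:host:hostport
listen_scope() {
    _gp=$1
    _spec=$2
    case $_gp in
        yes)             echo all-interfaces; return ;;  # server forces the wildcard address
        clientspecified) ;;                              # client decides, handled below
        *)               echo loopback; return ;;        # "no": client bind_address is ignored
    esac
    # Three colon-separated fields means no bind_address was given.
    _fields=$(printf '%s\n' "$_spec" | awk -F: '{ print NF }')
    if [ "$_fields" -lt 4 ]; then
        echo loopback
        return
    fi
    case ${_spec%%:*} in
        ''|'*')              echo all-interfaces ;;      # empty or "*" means every interface
        localhost|127.0.0.1) echo loopback ;;
        *)                   echo "client-chosen:${_spec%%:*}" ;;
    esac
}

# Constructed sample of HA's sshd_config (not taken from a real host).
SAMPLE_CONFIG='# constructed sample
Port 22
GatewayPorts no
PasswordAuthentication no'

gp=$(effective_gateway_ports "$SAMPLE_CONFIG")
echo "GatewayPorts=$gp, -R 8083:localhost:80 listens on: $(listen_scope "$gp" 8083:localhost:80)"
```

With the default GatewayPorts setting the listener on HA stays on loopback, which is why step 2 browses to localhost:8083 on HA itself.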

“Remote” means remote to sshd. In other words, sshd and the forwarding destination are not on the same local network.

