Tuesday, October 4, 2011

More fun with ssh tunnels... accessing Web

Suppose that you have some Web application and you can access it only from local network, either because firewall on the host itself protects access or there is firewall at the network perimeter. Either way, you are currently somewhere on the Internet and you have to access this application, e.g. some administrative interface.

In my case, I have Zimbra Web administrative console access confined to local network only and sometimes it happens that I have to access it from remote location. Suppose that the remote site is zimbra.domain.com and that Zimbra Web administration interface is at default port 7071. I'll use z.z.z.z to denote IP address of that server. Additionally, you need to have some server within your local network that allows SSH access. This server has to be visible from the Internet, and if it is directly accessible that everything is fine. Otherwise, if you are using NAT you'll have to punch a hole in your firewall to forward all the connections from the outside to that machine. Either way, suppose that this server has public IP address s.s.s.s.

Ok, here is what you have to do. From your local machine, i.e. the one that you are currently work on and that is outside of you local network, execute the following ssh command:
ssh -L 7071:z.z.z.z:7071 s.s.s.s
All you have to do now is to open Web brower and enter the following URL:
https://127.0.0.1:7071
In case when virtual hosts are used, you'll have to add the following line into your /etc/hosts file:
127.0.0.1           web.server.name
and then, URL you'll use is:
https://web.server.name:7071
While this is necessary in general case, in case of Zimbra it is not since Zimbra should be only service running on a particular IP address.

No comments:

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)

Blog Archive