使用 SSH 隧道转发对防火墙后面网站的访问
Forward access to website behind firewall using SSH tunneling
我发现了类似的情况 in this topic 但它指的是 ssh,我需要转发对网络服务器的访问。
现在的样子:
[私人服务器] - 在路由器和防火墙后面,通过public ip不可用
访问
[中间服务器] - public ip, ports open
[ 用户 ] - 通过网络浏览器连接到 中间服务器 ,想要从 私人服务器
我已经做过的事情:
ssh -N -R 8888:localhost:80 root@[middle server ip]
现在我可以从中间服务器访问私人服务器 例如。通过:
curl http://localhost:8888
所以隧道工作正常。
问题是,当我(作为用户)输入[中间服务器ip]:8888时,我收到的只是ERR_CONNECTION_REFUSED
我错过了什么?某种端口重定向?如有任何帮助,我们将不胜感激!
此行为由选项 GatewayPorts 控制(默认为 off)。来自 ssh_config 的手册页:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
你还需要放
GatewayPorts yes
到您的 sshd_config,并明确指定本地地址:
ssh -N -R [middle server ip]:8888:localhost:80 root@[middle server ip]
或
ssh -N -R *:8888:localhost:80 root@[middle server ip]
我发现了类似的情况 in this topic 但它指的是 ssh,我需要转发对网络服务器的访问。
现在的样子:
[私人服务器] - 在路由器和防火墙后面,通过public ip不可用
访问[中间服务器] - public ip, ports open
[ 用户 ] - 通过网络浏览器连接到 中间服务器 ,想要从 私人服务器
我已经做过的事情:
ssh -N -R 8888:localhost:80 root@[middle server ip]
现在我可以从中间服务器访问私人服务器 例如。通过:
curl http://localhost:8888
所以隧道工作正常。
问题是,当我(作为用户)输入[中间服务器ip]:8888时,我收到的只是ERR_CONNECTION_REFUSED
我错过了什么?某种端口重定向?如有任何帮助,我们将不胜感激!
此行为由选项 GatewayPorts 控制(默认为 off)。来自 ssh_config 的手册页:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports.
GatewayPortscan be used to specify thatsshdshould allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
你还需要放
GatewayPorts yes
到您的 sshd_config,并明确指定本地地址:
ssh -N -R [middle server ip]:8888:localhost:80 root@[middle server ip]
或
ssh -N -R *:8888:localhost:80 root@[middle server ip]