# webbrowsing over SSH

## soldstatic

Basically I have a router that I can set to allow anyone to access the webpage for setup or only people on internal network. I'd like to be able to access this setup from accross the web but not through the actuall web interface like it wants.

I'd like to SSH to a computer on the internal network, then use links or another browser to go to the router set up page. Only problem is, links can't do frames and the router set up page has frames. Links in text mode would be perfectly fine but I can't see the whole page when I use it... are there any other types of browsers that can be run through ssh in a "text mode" type way so I don't have to connect to the xserver?

----------

## ld50

You could use port forwarding:

```

ssh -L 80:router_address:80 user@ssh_server_address

```

Notice port 80 will be listening on your local machine, so open http://localhost in firefox

also, edit /etc/hosts and put this line:

127.0.0.1 router_address

This way the webpage will be browsable

----------

## soldstatic

well see the desktop is running apache2, mysql, and ssh. Then the router is forwarding the appropriate ports, port 80 and 22. Then if I'm out of the home (not on the local LAN), I can't access the router. Sometimes i don't want to leave the router's port forwarding on so i'd like to be able to ssh into my desktop, then access the router through the LAN so I can turn off the port forwarding on it. Granted this would kick my SSH session closed but oh well. 

Basically if I'm at work I'd like to be able to access my computer so I'd turn on the apache server and then turn on the port forwarding on my router. Then at the end of the day I'd like to go home or something but if I'm not going home I'd like to turn the router's port forwarding off so that my desktop is even more protected.

And this way I could always leave the SSH on and SSH port forwarded and if I'm out of the house and want to turn on the webserver and everything, I could do it all over SSH but in order to change the port forwarding onthe router I have to access it through a web-interface type thing... :-/

----------

## snis

Id50 told you the solution.

With SSH you have a possibility to tunnel ports.

So by doing the following:

```

ssh -L 80:192.168.0.1:80 user@ssh_server

```

The above will start an SSH session with your SSH server and it will also tunnel port 80.

So when you on the SSH client access localhost at port 80, it will be tunneled through the SSH and over your local LAN to 192.168.0.1 port 80.

This way you will be able to start Firefox (or whatever) and point it to http://localhost:80/

And you will get the page from 192.168.0.1.

I use this daily from my work, but I use it to forward to my Squid proxy at home, this way I can point my broswer to use a proxy at locahost and all my internet browsing will be encrypted in a SSH tunnel and my boss can't see how much or what pages I visit.

----------

## soldstatic

oh so that wont tunnel ssh on a different port, itll just tunnell the lan's port 80 to my computer? but it'll leave the other settings alone so i can still do the webserver thing w/o ssh-ing into it?

----------

## soldstatic

ok and I can't do that. privileged ports can only be forwarded by root. :-/

currently what I'm doing is sshing out of my network andthen back in so I can't control the computer i'm actually trying to ssh in on, so once I get to work though I'll try from there and see if it'll work. 

I also need to know how to get the computer back to normal? does exiting the ssh bring it back to normal?

and can you clarify that command's syntax, ie my guess:

ssh -L loaclport:user@domain:hostport 

right?

----------

## soldstatic

well i still can't figure out the -L thing cause I keep getting "only root" can do that etc etc.

i'm trying -X though to forward the X session or whatever. This appears to work cause i start links with links -g, but i can't get firefox to start... any ideas on that one?

----------

## soldstatic

well -X works fine, its just ridiculously slow. I'd like to figure out the port forwarding though...

----------

## skryking

use this command 

ssh -D 9999 yourhost.org

then go into firefox and under the General settings setup your connection to use a socks v4 connnection pointing to localhost:9999

like this

Skryking

----------

## soldstatic

ok well i can run the -D command but when i do like you say with firefox I get

"Connection Reset" everywhere and i can't browse internet at all...

----------

## soldstatic

nevermind, i had accidentally closed the ssh session, that works perfectly.

Thanks alot!!!!!!  :Very Happy:   :Laughing:   :Laughing:   :Laughing:   :Laughing:   :Laughing:   :Laughing: 

----------

## jh294

 *Quote:*   

> Basically I have a router that I can set to allow anyone to access the webpage for setup or only people on internal network. I'd like to be able to access this setup from accross the web but not through the actuall web interface like it wants. 

 

SSH is your friend!  As other posters have pointed out, you can use SSH port forwarding to accomplish this.  Time for a couple of assumptions:

1)  Your router's IP address on the INTERNAL network is 192.168.0.1 and the configuration daemon is listening on port 80.

2)  You can SSH to a machine on the internal network and the name of the machine is "ssh_server"

3)  Your current localhost is outside of your internal network

4)  You do not have root access on either localhost or "ssh_server"

On your localhost, enter the following command:

```
ssh -L22334:192.168.0.1:80 ssh_server
```

At this point you should see an SSH session with "ssh_server".  To access the web based GUI on the router from your "localhost", open a browser (any browser will work) and point it to http://localhost:22334.

Possible problem area:

Cannot bind to port 22334 on the localhost.  This means another porcess is already using that port.  Pick another port and remember to adjust the browser URL to reflect the new port.

Explanation of the SSH command:

Connect to ssh_server.

Forward all traffic received on localhost port 22334

To the SSH session currently running on "ssh_server"

The SSH process running on "ssh_server" will forward this traffic to IP address 192.168.0.1 port 80

Note: The second parameter of the -L option is resolved by the target node.  In this case. "ssh_server" will connect to what it believes to be 192.168.0.1 or whatever host name you supplied in the initial SHH command.

Have fun!

----------

## soldstatic

yea true all that, problem was I couldn't do -L because of something to do with root. Don't really know what was goin on but -D worked and using that and then manually setting up firefox to proxy w/ the other port worked great. Success!

----------

## jh294

The problem you are having is with a low port number used on the local system.  Ports below 1024 are considered "privileged ports" and can only be opened by root.

If you changed the first number the "-L" in your SSH command to something higher than 1024, everything should work fine.  That is why my previous example used port 22334.

Have fun.

----------

## soldstatic

gotcha, also would explain why -D worked for me (cause i used 9999) while in the man pages the description says -D can use priveledged ports as well.

----------

## weaksauce

The best method I've found (which is MUCH faster than X-forwarding) is to type, on the client,

```

xhost +

ssh youruser@hostipaddress

export DISPLAY="clientipaddress:0"

```

The :0 on the end of the client ip address is necessary.

This works like x-forwarding does, but it's NOT ridiculously slow.

----------

## soldstatic

i like the other idea of just doing the port forwarding. that suffices and doesn't require too much overhead. thanks though!

----------

## Zarhan

 *weaksauce wrote:*   

> 
> 
> This works like x-forwarding does, but it's NOT ridiculously slow.

 

And is also completely unencrypted and available for everyone to see.

----------

