# [SOLVED] ssh port forwarding using a ssh proxy

## alex6

hi,

I need a web access on a server that uses https and java features.

Right now, this is what I am able to do :

Connect via ssh to a "ssh proxyserver" 

From there I can use ssh to connect to my server.

I've heard about ssh port forwarding, tried different combinations of -D, -L and -R options without success...

Here is what I tried : (after configuring "proxy for socks" with 127.0.0.1 in the firefox settings)

-D 1080 on the ssh proxy server then -D 1080 again, and then trying to access with firefox on 127.0.0.1:1080 

-D 1080 on the ssh proxy server then ssh -R  1080:localhost:443 root@myserver

-D 1080 on the ssh proxy server then ssh -L  1080:localhost:443 root@myserver

-D 1080 on the ssh proxy server then ssh -R  1080:myserverhostFQDN:443 root@myserver

-D 1080 on the ssh proxy server then ssh -L  1080:myserverhostFQDN:443 root@myserver

In the 4 last cases, when connecting via firefox, I can see this error message in the terminal :

```
"channel 3: open failed: connect failed: Connection refused"
```

Any ideas ?Last edited by alex6 on Wed May 04, 2016 12:55 pm; edited 2 times in total

----------

## ct85711

well, one common issue that hits people, is logging into root on ssh by default is disabled

----------

## alex6

 *ct85711 wrote:*   

> well, one common issue that hits people, is logging into root on ssh by default is disabled

 

Well I actually have only a user access to the ssh proxy, do you think it's a problem ?

----------

## nativemad

Well, if the proxy can reach the webhost, then there is no need to do multiple connections and setting up a socksproxy and so on...

```
ssh -L 443:WebserversDnsNameOrIP:443 user@sshproxy
```

Now if you start your browser, you can access the site via https://127.0.0.1

HTH, cheers

----------

## alex6

 *nativemad wrote:*   

> Well, if the proxy can reach the webhost, then there is no need to do multiple connections and setting up a socksproxy and so on...
> 
> ```
> ssh -L 443:WebserversDnsNameOrIP:443 user@sshproxy
> ```
> ...

 

Okay, so if understand I must run this from my client, right ?

 I ran 

```
# ssh -L 443:webserver:443 myuser@ssh_proxy
```

when I try to acces https://127.0.0.1, I recieve the following error in the terminal where I did this ssh :

```

-bash-3.2$ channel 3: open failed: connect failed: No route to host
```

I have this message even with firewall from both the client and webserver down.

On firefox I can see this message :

 *Quote:*   

> Secure Connection Failed
> 
> The connection to 127.0.0.1 was interrupted while the page was loading.
> 
>     The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
> ...

 

Does it mean I have to import the CA cert into firefox from the portal or the webserver or both ?

To make things clear : the "webserver" doesn't provide any access from the WAN, the only access from WAN is the ssh portal.

The "webserver" can only be accessed in LAN, that's why I try to make ssh forwarding.

----------

## alex6

 *alex6 wrote:*   

> 
> 
> when I try to acces https://127.0.0.1, I recieve the following error in the terminal where I did this ssh :
> 
> ```
> ...

 

Sorry, actually with both firewall down, the message is a bit different :

 *Quote:*   

> channel 3: open failed: connect failed: Connection refused

 

----------

## alex6

Sorry, layer 8 problem : I was actually using the wrong FQDN, as it was a VM inside a server who has a really close hostname (so FQDN) and I got confused...

Nativemad, thank you, your method actually works  :Smile: 

----------

