SSH Reverse Tunnel

[dandart]

I have got "ssh -R :80:localhost:80 [remotehost]" to redirect all apache requests to the local machine (and similarly other ports), but how do I make it so that the user that connected to [remotehost] originally, appears in my local /var/log/apache2/access.log instead of just "127.0.0.1"?

[dandart]

bump
As in forwarding the source IP address too?

[kakariko81280]

I don't think you can use ssh to do this. Apache is seeing the ssh client on localhost doing the connecting so that is what it reports in your logs.

Another way of doing this would be to use a DNAT rule on [remotehost]. From my router:

Code:

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.5:22
iptables        -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.5 -j ACCEPT

When traffic arrives on port 22 to the $WAN interface of my router, the first rule rewrites it to pass to my local ssh server at 192.168.1.5. The second rule is there to allow the rewritten traffic to pass through the firewall.

My ssh logs then correctly report the incoming IP address in the same way you want.

Some experimentation may be in order because these precise rules assume some initial setup that will be different from yours, but we can help you there if you need it.

Let us know how you get on,

Chris...

[dandart]

It's not my local router, see,
I have a private SSH server someone else has given me and I have been using it to redirect traffic to me so I don't have to open my firewall. I think what you're trying to explain to me is port forwarding, which is not what I want, because I'm doing it already. I want my apache2 to think that if people connect from $IP3 to $IP2 ($IP2 automatically transferring port 80 to $IP1 with the -R switch of SSH) so that $IP3 appears in $IP1's /var/log/apache2/access.log rather than simply 127.0.0.1.

I'm not sure iptables is the right thing to use, since there is only one interface on the remote server.