  1. #1
    Just Joined!
    Join Date
    Aug 2005
    Location
    South West England
    Posts
    91

    SSH Reverse Tunnel


    I have got "ssh -R :80:localhost:80 [remotehost]" to redirect all apache requests to the local machine (and similarly other ports), but how do I make it so that the user that connected to [remotehost] originally, appears in my local /var/log/apache2/access.log instead of just "127.0.0.1"?

  2. #2
    Just Joined!
    Join Date
    Aug 2005
    Location
    South West England
    Posts
    91
    bump
    As in forwarding the source IP address too?

  3. #3
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    732
    I don't think you can use ssh to do this. Apache is seeing the ssh client on localhost doing the connecting so that is what it reports in your logs.

    Another way of doing this would be to use a DNAT rule on [remotehost]. From my router:

    Code:
    iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.5:22
    iptables        -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.5 -j ACCEPT
    When traffic arrives on port 22 to the $WAN interface of my router, the first rule rewrites it to pass to my local ssh server at 192.168.1.5. The second rule is there to allow the rewritten traffic to pass through the firewall.

    My ssh logs then correctly report the incoming IP address in the same way you want.

    Some experimentation may be in order because these precise rules assume some initial setup that will be different from yours, but we can help you there if you need it.

    Let us know how you get on,

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.
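
Added example (not part of the original posts, and not code from any poster): a loopback sketch of the behaviour described in post #3, where the web server logs the forwarder's address instead of the visitor's. The relay stands in for the `ssh -R` forwarded port and the one-shot backend stands in for Apache; all names, ports and the request are constructed for the demo.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"

def listener():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))  # port 0: the kernel picks a free port
    s.listen(1)
    return s

def run_demo():
    backend = listener()  # stands in for Apache behind the tunnel
    relay = listener()    # stands in for the forwarded port on [remotehost]
    seen = {}

    def backend_loop():
        conn, peer = backend.accept()
        seen["backend_peer"] = peer  # the address an access log would record
        with conn:
            conn.recv(1024)
            conn.sendall(b"ok")

    def relay_loop():
        conn, peer = relay.accept()
        seen["relay_peer"] = peer  # the visitor's real source endpoint
        # A *new* TCP connection is opened here; bound explicitly so its
        # local port cannot coincide with the client's.
        with conn, socket.create_connection(
                backend.getsockname(), source_address=(LOOPBACK, 0)) as out:
            seen["relay_out"] = out.getsockname()
            out.sendall(conn.recv(1024))
            conn.sendall(out.recv(1024))

    threads = [threading.Thread(target=f) for f in (backend_loop, relay_loop)]
    for t in threads:
        t.start()
    with socket.create_connection(
            relay.getsockname(), source_address=(LOOPBACK, 0)) as client:
        seen["client"] = client.getsockname()
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed request
        reply = client.recv(1024)
    for t in threads:
        t.join()
    backend.close()
    relay.close()
    return seen, reply

if __name__ == "__main__":
    print(run_demo()[0])
```

Only the relay ever learns the visitor's endpoint (`relay_peer`); the backend's peer is the relay's own outbound socket (`relay_out`), so nothing on the forwarded connection carries the original source address into the log.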

  4. #4
    Just Joined!
    Join Date
    Aug 2005
    Location
    South West England
    Posts
    91
    It's not my local router, see,
    I have a private SSH server someone else has given me and I have been using it to redirect traffic to me so I don't have to open my firewall. I think what you're trying to explain to me is port forwarding, which is not what I want, because I'm doing it already. I want my apache2 to think that if people connect from $IP3 to $IP2 ($IP2 automatically transferring port 80 to $IP1 with the -R switch of SSH) so that $IP3 appears in $IP1's /var/log/apache2/access.log rather than simply 127.0.0.1.

    I'm not sure iptables is the right thing to use, since there is only one interface on the remote server.
