Tibor's Musings

SSH Tunnelling

Imagine being at home and wanting to connect to a web site sitting behind the corporate firewall. The web site is not open to the outside world; one can only use it from within the corporate IP domain range. How to quickly set up an SSH tunnel to reach it?

Reaching an internal web site via SSH tunnel

If the web site is called http://internal.example.org, and if the publicly connectable machine is public.example.org, then you can establish an SSH tunnel to the internal web site by running the following command on your laptop:

ssh -f johndoe@public.example.org -L 3000:internal.example.org:80 -N

After this, opening http://localhost:3000/ in your browser will actually show http://internal.example.org/ as seen from the public.example.org machine. That is, from within the corporate IP domain range.

This technique provides much faster browsing experience when compared to logging via ssh -Y into public.example.org and starting a remote browser there.


For example, to access Invenio Jenkins server from outside of CERN, first open an SSH tunnel like this:

ssh -f lxplus.cern.ch -L 3001:jenkins.invenio-software.org:443 -N

then open https://localhost:3001/ in the browser.