(ssh tunnel?) Access remote server with private IP through a *DIFFERENT* server with public IP

Let's assume the following hosts:

  • localhost : my laptop
  • remoteserver : a server with a public IP which runs a SSH server.
  • private.remoteserver : a server with a private IP which is only accessible from remoteserver.

I don't have sudo access to remoteserver, so I can't make changes with the root user.

The question is: Is it possible to access a port on private.remoteserver from remoteserver, in a single command?

I've played around a bit with ssh tunnels without luck. It would like to create an SSH alias to private.remoteserver as described in this article.

For example, I'd like to run from localhost:

curl http://private.remoteserver:8080/

to connect to port 8080 on private.remoteserver. Is this possible?


You haven't show us what you've tried so far, but something as simple as this should work:

ssh -L 8080:private.remoteserver:8080 remoteserver

Which would then let you run:

curl http://localhost:8080/

...which due to the port forwarding we just set up would actually connect to port 8080 on private.remoteserver.

If you want to be able to directly access http://private.remoteserver:8080/ from your client, you'll need to (a) set up some sort of proxy and (b) configure curl (or other software) to use the proxy. You can set up a SOCKS5 proxy with ssh using the -D option:

ssh -D 1080 remoteserver

And then you can:

curl --socks5-hostname http://private.remoteserver:8080/

Most web browsers (Firefox, Chrome) can also be configured to operate with a SOCKS5 proxy. If you search for "ssh dynamic forwarding" you'll find lots of good documentation, including this article from Ubuntu.


Actually I solved my problem with sshuttle:

sshuttle --dns -HN -r user@remoteserver

No other proxy configuration required, then I can access any ports of the private IP :

curl http://private:8080/