Port Forwarding for Headless Machines.

In my quest to find a DropBox like solution for local file sync between my machines, I found and fell in love with Syncthing. It is an excellent piece of software that gives you total control over how your data is synced and has proven itself to be extremely reliable. I will cover my Syncthing setup in another post but for context here; I maintain one master node running on a headless CentOS 7 virtual machine (VM) on my server and all of my other machines sync to it. For configuration I use SSH tunneling to forward the web gui port to whichever machine I am using at the time.

The basic formatting of the tunneling command used to access the remote VM’s web gui:

ssh -L XXXX:localhost:YYYY [email protected]
  • XXXX is a port on your local machine that the remote port will be mapped to. This should be a port not already in use on your local machine.
  • YYYY is the port on your remote machine port that is configured for the Syncthing web gui.
  • ZZZ.ZZZ.ZZZ.ZZZ is the ip address or host name of the remote machine.
  • Note: “localhost” could be replaced by “127.0.0.1”, they both mean the same thing and work with this command.

As an example, your remote machine is accessible at 192.168.1.10, the Syncthing gui on that machine is accessible on port 8384 (the default port for Syncthing), and your user account on the remote machine is syncuser. You want to tunnel the web gui to your machine and present it on port 8885. The terminal command to run would be:

	[email protected]:~$ ssh -L 8885:localhost:8384 [email protected]

This will prompt you to input the password for syncuser on the remote machine, unless you use SSH keys with that machine. If you specified the remote machine in your ssh config file, you could replace [email protected] with the Host name you specified. Once connected, the remote machine will forward all traffic from its port to the local port you specified. In this case, you can open up a browser on your local machine, input 127.0.0.1:8885 and you will be presented with the Syncthing web gui of the remote machine.

It is important to note, the terminal window you ran this tunneling command from must remain active as long as you want the tunnel to persist. It should be simple enough to open another terminal window if you need one but to simplify things, you could run the command from a multiplexer program like GNU Screen or tmux and simply open a new terminal as needed from your main terminal instance until you have no more use for the tunnel.

My main use case for tunneling has been to access the web gui of my master Syncthing node but SSH tunneling can be used for any other program presents data from a specific port on a remote machine. For instance, while setting up this blog and while testing choices for blog software, I used tunneling to view local instances of my website which were run from temporary containers on my server.

Please note, while I doubt this method of tunneling through ssh has changed in quite a while, I have only used this with openssh version 7.4, 7.8, and 7.9.

References:


howtogeek article by Chris Hoffman
OpenBSD man page for ssh