I am trying to forward traffic with google instances but no luck.
Here is the scenario:
I have 2 instances currently main-server, and mini-server-1
I want to ssh mini-server-1 from main-server and create a dynamic port forwarding like so:
gcloud compute ssh "mini-server-1" --zone="us-central1-f" --ssh-flag="-D:5551" --ssh-flag="-N" --ssh-flag="-n" &
I have this error:
bind: Cannot assign requested address
I tried: ssh -N username#mini-server-1(all ips internal external, hostname) -D 5551 &
When i run netstat i can see that ports are free.
Here is wget with proxy from main-server
wget google.com -e use_proxy=yes -e http_proxy=127.0.0.1:5551
Connecting to 127.0.0.1:5551... connected.
Proxy request sent, awaiting response...
Does someone know how can i achieve this?
Much simpler syntax:
gcloud compute ssh my-vm-name --zone=europe-west1-b -- -NL 4000:localhost:4000
You can pass as many options as you want:
-NL 8080:localhost:80 -NL 8443:localhost:443
https://cloud.google.com/solutions/connecting-securely
https://cloud.google.com/community/tutorials/ssh-tunnel-on-gce
https://cloud.google.com/community/tutorials/ssh-port-forwarding-set-up-load-testing-on-compute-engine
run the command with the debug flag to help you find more information:
gcloud compute ssh --ssh-flag=-vvv "mini-server-1" \
--zone="us-central1-f" \
--ssh-flag="-D:5551" \
--ssh-flag="-N" \
--ssh-flag="-n" &
and as mention in my comment before, use https_proxy.
gcloud compute ssh --ssh-flag="-L 2222:localhost:8080" --zone "us-central1-a" "your_instance_name"
With this command you can port forward and connect to a port running on a particular VM instance from your local PC
2222 refer to local IP
8080 is the remote port where our application will be running
Related
Hi my country blocked google.com anyway I have a virtual machine which is outside the country and have access to google. it has nginx & haproxy installed, based on my limited understanding these reverse proxy can do proxy to internal servers but is there anyway to let them do proxy to google.com directly?
Thanks so much.
Instead of using NGINX or HAPROXY to proxy some URL or google.com what you should do is use your VM as a proxy for the browser. Execute below on your machine
$ ssh -D 8123 -f -C -q -N sammy#example.com
Explanation of arguments
-D: Tells SSH that we want a SOCKS tunnel on the specified port number (you can choose a number between 1025-65536)
-f: Forks the process to the background
-C: Compresses the data before sending it
-q: Uses quiet mode
-N: Tells SSH that no command will be sent once the tunnel is up
This will open a socks proxy on 127.0.0.1:8123, you can set this in your browser and open google through your server.
For more detailed article refer to below
https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel
I am working in Linux/unix sh shell. I am following instructions to download data from a repository which consist of two mirrored systems.
Instructions say I must be able to make a http (Port 80) connection to both systems (or at least one) in order to download the data. What bash command-line should I use?
Use wget :
wget http://url/file.tar.gz
or if you want to check if port 80 is really open on the host , simply use telnet :
telnet server_ip 80
you should get some kind of reply. If no HTTP service running , you will get 'connection refused'
I'd say nmap is the best option here, since it gives a clear answer:
sudo nmap -sS -p80 <ip address>
The output is either something like
Host is up (0.027s latency).
PORT STATE SERVICE
80/tcp open http
or, in the negative case
Host is up (0.024s latency).
PORT STATE SERVICE
80/tcp filtered http
That is something you can easily pipe into a grep command:
sudo nmap -sS -p80 xx.xx.xx.xx | grep "/tcp"
This will result in either
80/tcp open http
or
80/tcp filtered http
I have my home computer A and a work computer C that I want to synchronise using unison. In the middle is a work computer B. A can communicate with B and B can communicate with C directly but A and C can't directly connect to each other. In fact the communication diagram looks like A->B<->C. That is A can connect to B but B can't connect to A.
To give an example how I use this setup, I currently do the following if I want to ssh from A to C
ssh -t -X -C me_B#B ssh -X me_C#C
How can I run unison from A and sync with C, maybe using ssh port forwarding?
To make it a little clearer, C has unfiltered outgoing connectivity to the Internet. B has unfiltered in and outgoing connectivity to both C and the Internet. A is my home computer.
Update
The following command line works for me to at least copy files from A to C
scp -oProxyCommand="ssh me_B#B nc -v %h %p" foo/* me_C#C:foo
Is there some way to use this idea to get unison to work?
Yes, ssh port forwarding can be used for that. Use the following command on A if you want to forward ssh on port 22 at C to the local port 3000 (for example):
# Create the tunnel
ssh -L 3000:C:22 userB#B -N
After you have issued the command, you can login into C from A using:
# Connect using the tunnel
ssh -p 3000 userC#localhost
Note: During the discussion below it turned out, that in OP's network, the connection trough the tunnel can only be established using the following command:
ssh -p 3000 -l userC localhost
Note that I'm using -l userC instead of userC#.
Now you can use unison like this:
unison directory ssh://userC#localhost:3000 directory
I am trying to run beanstalkd
if i use 127.0.0.1 with port no 11300 it works or for the matter any other port
beanstalkd -d -l 127.0.0.1 -p 11300
But if use external IP it doesn't work.
beanstalkd -d -l 107.0.1.5 -p 11300
Should i enable the port or something . If i should how does it work in the first case and not the second
The IP address you pass to beanstalkd is the address that it binds to - if given, it will only accept connections to that address on the machine it runs on. So the address 107.0.1.5 must be on one of the network interfaces on the machine you run it on.
If you want you can simply omit the -l <address> option to get beanstalkd to listen on all of the addresses on the host.
I have a specific scenario that I want to solve. I currently connect to a host via port forwarding:
laptop -> gateway -> remote_server_1
and another host:
laptop -> remote_server_2
with passwordless login working on both. Neither of the remote servers are visible to the outside world. Now I'm running a service on remote_server_2, that I'd like to be able to access on remote_server_1. I presume I have to setup reverse port forwarding from remote_server_1 to my laptop, and then on to remote_server_2, but I'm not sure how to do this. Anyone come across this situation before?
Edit:
The full solution in case anyone else needs it:
mylaptop$ ssh -L 3001:localhost:3000 server_2
server_2$ netcat -l 3000
Then setup the tunnel via gateway to server_1:
ssh -t -t -L 3003:server_1:22 gateway
Then access it from server_1:
ssh -R 3002:localhost:3001 -p3003 localhost
echo "bar" | nc localhost 3002`
and hey presto server_2 shows bar :-)
You have to do exactly as you've described. Setup the server on server_2.
mylaptop$ ssh -L 3001:localhost:3000 server_2
server_2$ netcat -l 3000
Then access to it from server_1.
mylaptop$ ssh -R 3002:localhost:3001 server_1
server_1$ echo "foo" | netcat localhost 3002
server_2 will show foo.