Monday, January 16, 2017

Bypass blocked ports with Reverse SSH Tunneling

Most organisations have security rules that stop non-standard ports on external resources from being accessed from the corporate network.

One frequent scenario is when you are running a website on a non-standard port (e.g., 5000) on AWS EC2 (e.g., you try to call it from your corporate network. In most cases, if you open your browser and try to access site won't load despite having the port open on AWS EC2 Security Group.

To overcome this limitation you can use Reverse SSH Tunneling the following way:

  1. Open a terminal and navigate to the folder where you have your PEM key to connect to AWS EC2
  2. Type ssh -i your_key.pem -NL LOCAL_PORT:localhost:REMOTE_PORT (e.g., ssh -i your_key.pem -NL 8080:localhost:5000 ec2-user@
  3. Leave the terminal open with the SSH command running. Open on your browser and type http://localhost:LOCAL_PORT (e.g., http://localhost:8080). The website will load.