I am used to forwarding a remote service port on localhost using ssh like:
ssh -L 2181:localhost:2182 user@server
(forward remote host port 2182 to local port 2181)
Now, from the machine I SSH to, I am trying to reach a TCP service and forward the response to my local machine:
local-machine:2181 <-- SSH --> remote-machine:2182 <-- netcat/named pipe --> service:2181
Note: I do not have direct access to the service machine, I only have access to the network through the machine I SSH to.
I was trying to use netcat with a named pipe:
On the remote-machine:
mkfifo fifo
nc -k -l 2182 <fifo | nc service 2181 >fifo
On local machine:
echo message | nc localhost 2181
but that doesn't seem to work.
I also tried, on remote-machine
nc -k -l 2182 0<fifo | nc service 2181 1>fifo
without luck
On the remote machine nc -k -l 2182
outputs the message I send from the local-machine:2181
if I simply pipe this like: nc -k -l 2182 | nc service 2181
I do see the response from the service on the remote-machine. So I'm able to go all the way to the service and back to the remote-machine but it stops there:
local-machine:2181 <-/- SSH --> remote-machine:2182 <-- netcat --> service:2181
so I don't understand why the named pipe won't forward the response through the ssh connection back to my local machine.
echo message | nc localhost 2182
on the remote-machine does NOT output anything back on the local-machine, so it's not making it through SSH for some reason.
Any idea why this is and how to fix it?
Thanks for help.
(EDITED for clarity) Note: I need this because I can only SSH to one machine, which is part of a cluster, and that machine has access to the service(s). I do not want to expose the service to the outside, nor have SSHD on every service container.
I was pointed to the fact that one can simply do
ssh -L 2181:service:2181 user@remote-machine
to forward the connection to service from remote-machine to the port on local-machine. Simple and efficient.
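
Why the second command needs no relay on remote-machine, as an added example that is not part of the original posts: in -L [bind_address:]port:host:hostport the listener is opened where ssh runs, and host is resolved and dialed by the SSH server. The function and key names are illustrative, and the default bind address assumes the client's GatewayPorts is left at "no".

```python
# Added example (not from the original posts): decode an OpenSSH -L spec,
# [bind_address:]port:host:hostport, into who listens and who connects.
import ipaddress

def split_spec(spec):
    """Split on ':' but keep bracketed IPv6 literals such as [::1] whole."""
    fields, buf, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            fields.append(buf)
            buf = ""
        else:
            buf += ch
    return [f.strip("[]") for f in fields + [buf]]

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, "" or "*": not provably loopback

def parse_local_forward(spec):
    fields = split_spec(spec)
    if len(fields) == 3:
        # Assumption: GatewayPorts is "no", so ssh binds the loopback only.
        fields.insert(0, "localhost")
    if len(fields) != 4:
        raise ValueError("expected [bind_address:]port:host:hostport")
    bind, lport, host, hport = fields
    lport, hport = int(lport), int(hport)
    if not (0 < lport < 65536 and 0 < hport < 65536):
        raise ValueError("port out of range")
    return {
        # The listener is created on the machine where ssh is run.
        "listen": (bind, lport),
        # An empty bind address or "*" means every interface.
        "listener_exposed": not is_loopback(bind),
        # The SSH server resolves `host` and opens the outbound connection.
        "connect_from_server_to": (host, hport),
        # True: the target is a port on the SSH server itself, so something
        # there must already listen (or relay) on that port.
        "target_is_ssh_server": is_loopback(host),
    }

if __name__ == "__main__":
    for s in ("2181:localhost:2182", "2181:service:2181", "*:2181:service:2181"):
        print(s, parse_local_forward(s))
```
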
You can use -R for this purpose:
This will open a port on yourhost:7070 that forwards to localhost:8080
Documentation says