Score:0

How to forward port 8080 from a distant server to the client, from the client, using an SSH tunnel?


I have installed GitLab in docker on a distant machine. I would now like to forward the port 8080 from this distant machine to my local port 8080.

On the distant machine:

```
sudo docker run --detach --hostname gitlab.example.com --publish 443:443 --publish 8080:80 --publish 2222:22 --name gitlab --restart always --volume $GITLAB_HOME/config:/etc/gitlab --volume $GITLAB_HOME/logs:/var/log/gitlab --volume $GITLAB_HOME/data:/var/opt/gitlab gitlab/gitlab-ce:latest
```

On my local machine:

```
ssh -N -o "ExitOnForwardFailure yes" -R 8080:localhost:8080 someuser@the-distant-server -vvv
```

I get the following error:

```
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 4
debug1: Remote: /home/someuser/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 82
debug1: remote forward failure for: listen 8080, connect localhost:8080
Error: remote port forwarding failed for listen port 8080
```

And indeed, in the /var/log/auth.log, I get the following error:

```
Jul  9 16:51:42 distant-server sshd[2723782]: Accepted publickey for someuser from 192.168.200.182 port 44850 ssh2: RSA SHA256:
Jul  9 16:51:42 distant-server sshd[2723782]: pam_unix(sshd:session): session opened for user someuser by (uid=0)
Jul  9 16:51:42 distant-server systemd-logind[1083]: New session 116923 of user someuser.
Jul  9 16:51:42 distant-server systemd[2723795]: pam_unix(systemd-user:session): session opened for user someuser by (uid=0)
Jul  9 16:51:43 distant-server sshd[2723812]: error: bind [127.0.0.1]:8080: Address already in use
Jul  9 16:51:43 distant-server sshd[2723812]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 8080
Jul  9 16:51:43 distant-server sshd[2723782]: pam_unix(sshd:session): session closed for user someuser
Jul  9 16:51:43 distant-server systemd-logind[1083]: Session 116923 logged out. Waiting for processes to exit.
Jul  9 16:51:43 distant-server systemd-logind[1083]: Removed session 116923.
```

It tells me bind [127.0.0.1]:8080: Address already in use.

  1. I don't understand how I can listen to port 8080 from the distant machine if no process can write to it. I think I have a misunderstanding of how ports/listening/writing/ssh work here.
  2. How can I fix the ssh command to make this tunnel work and access the GitLab instance on my 127.0.0.1:8080?
Score:1

Short answer: use the ssh switch -L instead of -R.

Explanation: On the distant machine, you open a docker container which publishes the port 8080. This means, in detail, that the docker host opens up a LISTEN socket and waits for incoming connections.

There are two types of port forwardings: -L and -R:

  • -L opens up a listen socket on your local machine and forwards this incoming connection through the ssh tunnel, and opens a connection on the remote host to the specified address (localhost:8080 in this case, which is exactly what you want)
  • -R works the other way around: it waits for incoming connections on the remote machine, and forwards it to the local host. This fails of course because you already have a listen socket sitting on this address (the docker container!)

You always have to think about who is initiating the connection. The GitLab instance is probably accessible via a browser, which means that your local browser tries to open the connection, therefore you must have the listen socket available locally.

vinzee
It is the first time I read about `LISTEN` sockets when looking for explanations on ssh tunnels. It made everything much more clear.
Martin
You definitely should take a look at TCP networking basics. No wonder that you misunderstood the ssh tunnel options...
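
The LISTEN-socket point from the answer above, as an added Python sketch that is not part of the original answer or comments. It shows that a second listener on a taken port fails with the same error sshd logged for -R, and that a local listener relaying to that port (the role -L plays) works. All function names are hypothetical, and a loopback socket on an OS-chosen port stands in for the container's published port 8080.

```python
import errno
import socket
import threading

def listen(port=0):
    """Open a LISTEN socket on loopback only; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("127.0.0.1", port))
    except OSError:
        s.close()
        raise
    s.listen()
    return s

def serve_once(srv, banner):
    """Constructed stand-in for the published container port: answer one client."""
    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
    threading.Thread(target=run, daemon=True).start()

def second_bind_errno(port):
    """What sshd attempts for -R: a second listener on a port that is already taken."""
    try:
        listen(port).close()
    except OSError as e:
        return errno.errorcode[e.errno]
    return None

def forward_once(front, target_port):
    """The role of -L, without encryption: accept locally, connect out, relay the reply."""
    def run():
        client, _ = front.accept()
        with client, socket.create_connection(("127.0.0.1", target_port)) as up:
            while data := up.recv(4096):
                client.sendall(data)
    threading.Thread(target=run, daemon=True).start()

def demo():
    service = listen()                        # plays the docker host's LISTEN socket
    service_port = service.getsockname()[1]
    serve_once(service, b"hello from gitlab stand-in\n")
    clash = second_bind_errno(service_port)   # same failure as "Address already in use"
    front = listen()                          # plays the local end of the -L tunnel
    forward_once(front, service_port)
    with socket.create_connection(front.getsockname()) as c:
        reply = c.makefile("rb").read()
    service.close()
    front.close()
    return clash, reply

if __name__ == "__main__":
    print(demo())
```

Both listeners bind to 127.0.0.1, so the stand-in service and the forwarder are reachable only from the machine they run on.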