[Feature Request] Remote port forwarding #1

Closed
xoox opened this issue May 12, 2015 · 5 comments

@xoox

xoox commented May 12, 2015

Hi, thanks for all your good work, @jpillora and @morikat.

Since ssh channels are used, is it possible to add remote port forwarding in the future?
Something like ssh clients do.

    -R [bind_address:]port:host:hostport
            Specifies that the given port on the remote (server) host is to
            be forwarded to the given host and port on the local side.

@jpillora
Owner

It's possible; however, I'm not sure if it would make sense. Currently, chisel client ... basically does an ssh -L local port forward (opens a new TCP server on the client). Whereas a -R remote port would open a new TCP server on the server. The purpose of chisel is to overcome firewalls by running all traffic over HTTP, so one would need to send this traffic over HTTP. With -L the local server performs this encapsulation, though with -R we have no client to perform this encapsulation. So it only makes sense to open up a normal ssh -R port forward, in which case, I'd just suggest you use ssh.

@xoox
Author

xoox commented May 13, 2015

Indeed, we are facing a very strict firewall; only HTTP and HTTPS are allowed. Any other links, including ssh, are usually unstable and unusable.

Before jumping into chisel using websocket, the following solution was used, but it is too tricky and does not perform well. It also breaks the normal HTTP server deployments.

    client             |                 | server          /----------> HTTP server
    autossh -> stunnel ----->FIREWALL----->stunnel->sslh--+-------> ssh server

The local traffic is encapsulated and forwarded by ssh -L. Also, when running autossh, a -R is added to open a remote port forward to the local client side. The remote port forwarding is used to do some settings on the local client host, which is impossible without remote port forwarding capability when you are outside the firewall.

The ssh -R-like option would be added to the chisel client side instead of the server side. The remote forwarded ports would only be opened at the request of authenticated clients.

In conclusion, chisel server is more like the sshd daemon, while chisel client behaves more like the ssh client. They communicate via the HTTP/HTTPS (WS/WSS) link.

The -R options would and should only be added to the chisel client side. Something like:

    chisel client [options] <server> <remote> [remote] [remote] [-R [bind_address:]port:host:hostport] [-R [bind_address:]port:host:hostport]...
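
The `-R [bind_address:]port:host:hostport` spec requested above opens a listener on the server, so a server would want to validate each request from an authenticated client before binding. The following is an added example, not chisel's code or anything posted in this thread: `ParseRemoteForward` and `Authorize` are hypothetical names, the loopback default for an omitted bind address mirrors OpenSSH's default behaviour, and only IPv4 addresses and hostnames are handled.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// RemoteForward is one parsed "[bind_address:]port:host:hostport" request.
type RemoteForward struct {
	BindAddr, Host     string
	BindPort, HostPort int
}

// ParseRemoteForward parses the ssh -R style spec (IPv4 or hostnames only).
// Assumption: an omitted bind address means loopback, as in OpenSSH's default.
func ParseRemoteForward(spec string) (RemoteForward, error) {
	p := strings.Split(spec, ":")
	if len(p) == 3 {
		p = append([]string{"127.0.0.1"}, p...)
	}
	if len(p) != 4 || p[0] == "" || p[2] == "" {
		return RemoteForward{}, fmt.Errorf("want [bind_address:]port:host:hostport")
	}
	bp, err1 := strconv.Atoi(p[1])
	hp, err2 := strconv.Atoi(p[3])
	if err1 != nil || err2 != nil || bp < 1 || bp > 65535 || hp < 1 || hp > 65535 {
		return RemoteForward{}, fmt.Errorf("ports must be 1-65535")
	}
	return RemoteForward{BindAddr: p[0], Host: p[2], BindPort: bp, HostPort: hp}, nil
}

// Authorize (hypothetical policy): loopback-only binds, on ports granted to the client.
func Authorize(f RemoteForward, grantedPorts map[int]bool) error {
	ip := net.ParseIP(f.BindAddr)
	if f.BindAddr != "localhost" && (ip == nil || !ip.IsLoopback()) {
		return fmt.Errorf("bind address %q is not loopback", f.BindAddr)
	}
	if !grantedPorts[f.BindPort] {
		return fmt.Errorf("port %d not granted to this client", f.BindPort)
	}
	return nil
}

func main() {
	f, err := ParseRemoteForward("2222:localhost:22") // constructed sample spec
	fmt.Println(f, err, Authorize(f, map[int]bool{2222: true}))
}
```

An explicitly empty bind address (a leading colon), which ssh treats as "all interfaces", is rejected by the parser rather than silently widened.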

@jpillora
Owner

Have you tried tunneling to the SSH server via chisel, then doing your normal SSH from there?

@xoox
Author

xoox commented May 14, 2015

It surely works tunneling to the SSH server via chisel. That results in a multiple-layer tunnel.
SSH remote port forwarding is tunneled via ssh, which is tunneled through chisel, then websocket and TLS.

If chisel can do remote port forwarding, the 4-layer tunnel could be simplified to three layers.

@jpillora
Owner

See #3 for a better solution to this - will close as it covers this use case. If I'm mistaken, feel free to re-open.
