Monday, March 23, 2015

centos - Remote port forwarding not working

I have a test app I run locally, and use remote port forwarding to give others access to it.




This was working just fine, until I set up a new server instance on EC2.



The EC2 server runs CentOS 7. No firewalls are running, I have set SELinux to permissive, I have opened a port in the security group rules. I then run



ssh -v -N -R port_num:localhost:port_num 


(where port_num is actually a port number), and I can see the connection coming on. I also checked netstat on the remote server and I can see the port number being listened on.



This used to work, but doesn't on this machine. I'm thinking this is either EC2 related, or CentOS 7 related, but have run out of things to try.




While running tcpdump on the remote server, I did notice that requests coming in on eth0 had length 0. Not sure why or if this isn't a red herring, but worth mentioning.



Any ideas on something I've left out?



Thanks!



EDIT 1



Added a quick web app that listens on the port I want to forward, and shows a "Hello, World!" page. I am able to access that without issue, so port 8080 on the EC2 instance is open and receiving requests. It's just the port forwarding that isn't working.




I tried



ssh -v -N -R 0.0.0.0:port_num:localhost:port_num


But that didn't seem to help either.



EDIT 2




If I run my web app locally, run ssh -N -R port_num:localhost:port_num, then ssh from another terminal into the remote server, then curl http://localhost:port_num/test, I get a response from my local server. So the forwarding is working. It's just that requests coming from an external browser which go to eth0 don't get forwarded. Not sure how this was accomplished in the old server (it just worked), any ideas what I should be doing to make this work? Again, iptables is disabled, and was disabled on the old server as well.
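
The symptom in EDIT 2 (reachable through localhost on the server, not from outside) is what a forward bound to loopback only looks like. Added example, not part of the original post: a shell check that classifies the bind address of the forwarded port from `ss -ltn` output and reads the effective `GatewayPorts` value from `sshd -T` output. `GatewayPorts` is not mentioned in the post and is an assumption about the cause; the sample lines are constructed, and 8080 is the port from EDIT 1.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output on the server while the -R forward is up.
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    127.0.0.1:8080           *:*
LISTEN     0      128    *:22                     *:*
LISTEN     0      128    ::1:8080                 :::*'

# Constructed sample of `sshd -T` (effective server configuration) output.
SAMPLE_SSHD_T='port 22
gatewayports no
allowtcpforwarding yes'

# classify_bind PORT: reads `ss -ltn` lines on stdin, prints
# loopback-only | all-interfaces | specific-address | not-listening
classify_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                                  # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "::1" || host == "[::1]")
                kind = "loopback-only"
            else if (host == "0.0.0.0" || host == "*" || host == "::" || host == "[::]")
                kind = "all-interfaces"
            else
                kind = "specific-address"
            # a wildcard listener outranks anything seen earlier
            if (kind == "all-interfaces" || result == "") result = kind
        }
        END { print (result == "" ? "not-listening" : result) }'
}

# gateway_ports: reads `sshd -T` output on stdin, prints no | yes | clientspecified
gateway_ports() { awk '$1 == "gatewayports" { print $2 }'; }

# verdict BIND GATEWAYPORTS: one-line reading of the two facts together
verdict() {
    case "$1/$2" in
        loopback-only/no) echo "sshd forces loopback; a client bind address such as 0.0.0.0 is ignored" ;;
        loopback-only/*)  echo "server allows wider binds; the client did not request one" ;;
        all-interfaces/*) echo "forward is exposed on every interface" ;;
        *)                echo "inconclusive" ;;
    esac
}

bind=$(printf '%s\n' "$SAMPLE_SS" | classify_bind 8080)
gw=$(printf '%s\n' "$SAMPLE_SSHD_T" | gateway_ports)
echo "port 8080: $bind, GatewayPorts=$gw: $(verdict "$bind" "$gw")"
```

On a real server, feed the functions live data instead of the samples: `ss -ltn | classify_bind 8080` and `sudo sshd -T | gateway_ports`.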
