There are some situations in which we have to expose a locally running web service to the Internet. This is know as Reverse Proxying. Depending on the situation in hand, there are multiple ways to do this:

Server with Public IP Available

In this case, the Server is also known as a Jump Server.

Client Accessible from Server

Run a port-forwarding tool such as socat on the Server.

1	`socat TCP-LISTEN:<Port the Server listens on>,fork,reuseaddr TCP:<IP address of the Client>:<Port of the Service on the Client>`

Client Inaccessible from Server

Use nat-tunnel on both the Server and the Client.

Or, use Reverse SSH Tunneling on the Client.

Reverse SSH Tunneling

Before Tunneling

On the Server:

Update the sshd config file (/etc/ssh/sshd_config). Set GatewayPorts to yes.
Restart the SSH Service.
Make sure the Port the Server listens on allows Inbound Traffic.

To Tunnel

On the Client:

1	ssh [-f] [-N] [-T] -R <Port the Server listens on>:localhost:<Port of the Service on the Client> [How you connect to the Server (e.g. `-i key-pair.pem <username>@<domain>`)]

-f tells the SSH to background itself after it authenticates, saving you time by not having to run something on the remote server for the tunnel to remain alive.
-N if all you need is to create a tunnel without running any remote commands then include this option to save resources.
-T useful to disable pseudo-tty allocation, which is fitting if you are not trying to create an interactive shell.
-R tells the tunnel to answer on the remote side.

Server with Public IP Unavailable

Use a commercial service such as ngrok on the Client.

References:

https://en.wikipedia.org/wiki/Reverse_proxy
https://www.kvm.la/1328.html
https://blog.csdn.net/weixin_35867652/article/details/104362302
https://www.hostinger.com/tutorials/how-to-set-up-nginx-reverse-proxy/
https://stevessmarthomeguide.com/understanding-port-forwarding/
https://jfrog.com/connect/post/reverse-ssh-tunneling-from-start-to-end/
https://linuxhint.com/ssh-port-forwarding-linux/
https://www.ssh.com/academy/ssh/tunneling-example
https://superuser.com/questions/1408427/remote-port-forwarding-through-a-jump-server
https://unix.stackexchange.com/questions/436290/single-step-ssh-port-forwarding-not-working-but-only-works-when-ssh-port-forward?rq=1&newreg=def5dfc9fb43466d8685fd7639eb17cc
https://www.opensourceforu.com/2021/09/how-to-do-reverse-tunnelling-with-the-amazon-ec2-instance/
https://superuser.com/questions/1194105/ssh-troubleshooting-remote-port-forwarding-failed-for-listen-port-errors
https://docs.hevodata.com/getting-started/connection-options/connecting-through-reverse-ssh/
https://www.youtube.com/watch?v=TZ6W9Hi9YJw
https://blog.devolutions.net/2017/03/what-is-reverse-ssh-port-forwarding/
https://chenhuijing.com/blog/tunnelling-services-for-exposing-localhost-to-the-web/
https://johackim.com/how-to-expose-local-server-behind-firewall
https://gabrieltanner.org/blog/port-forwarding-frp/
https://www.techiediaries.com/public-localhost/
https://superuser.com/questions/121435/is-it-possible-to-host-a-web-server-from-behind-a-nat/1360660
https://medium.com/tech-learnings/how-to-expose-a-local-server-to-the-internet-without-any-additional-tools-ae49e6b8fe93
https://serverfault.com/questions/282959/how-do-i-reach-my-internal-server-on-the-external-ip
https://superuser.com/questions/624925/how-to-access-internal-valid-ip-through-internet

Code > Unix

Various Solutions for Different Types of Reverse Proxying

https://abbaswu.github.io/2022/10/30/Various-Solutions-for-Different-Types-of-Reverse-Proxying/

Author

Jifeng Wu

Posted on

October 30, 2022

Licensed under

Paper Reading: Mining Input Grammars from Dynamic Taints Previous

Paper Reading: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Next