Title: HTTPS over SSH
Post by: vnbm on Saturday 28 January 2012, 03:38:27 pm

Hi Everyone,
Sorry if this has been asked before, I tried searching but I was unable to find anything.

Anyway, I am using EFW 2.4.1 and basically what I am in need of is being able to tunnel HTTPS (in particular the web management page (10443)) over SSH, as my work network only allows outbound SSH direct through the firewall. I am able to connect to my Endian over SSH (port 22) from work now. However, when creating a HTTPS tunnel, it never seems to resolve.

I am using PuTTY to create the tunnel, selecting port 5901 as local (work machine) port, and I have tried both localhost/IP and Internet IP for destination with 10443 as port. I have also tried every combination in Firefox proxy settings to allow it through.

I'm not sure if any firewall rules will need to be created on my Endian machine to allow the connection. Obviously SSH has been allowed, but nothing else at the moment.

I am interested to know if anyone else has been able to get this working, and hopefully share some insight for me.

Title: Re: HTTPS over SSH
Post by: endianupdate on Monday 06 February 2012, 09:25:19 am

Have you enabled 'Allow TCP forwarding' on the EFW?
Also, to set up the PuTTY client you should use the following:

Tunnel source port: 10443 (I keep the source and destination port the same)
Destination: 127.0.0.1:10443 (the localhost address and port on the EFW that the admin interface is running on)

Then, when you have successfully connected to the EFW through SSH, in your browser enter https://127.0.0.1:10443

There is no need to set proxy settings on your browser for this to work, as any connection to your local machine on port 10443 will be forwarded to the remote server port 10443 through the SSH tunnel.

You should not need to create any firewall rules on the EFW to allow the connection; see my connection as shown in the Status > Connections screen:

Source IP    Source port   Destination IP   Destination port   Protocol   Status        Expires
192.168..    53682         192.168...       22 (SSH)           tcp        ESTABLISHED   119:58:15
127.0.0.1    35787         127.0.0.1        10443              tcp        ESTABLISHED   119:59:59

Hope this helps.