SSH-tunneled access to web interface

Discussion in 'Tomato Firmware' started by MrBink, Jun 21, 2014.

  1. MrBink

    MrBink Network Newbie Member


    I've setup a router with a SSH daemon on the WAN interface. It is possible to tunnel traffic to the router's web interface through SSH?

    Tunnel setup (on laptop):
    ssh -l root -p <router_ssh_port> -fNL 8989:localhost:80 <router_public_ip>​

    Subsequent connections to port 8989 on the laptop returns "channel 2: open failed: connect failed:". Telneting to localhost:80 on from router returns "Connection refused." This leads me to be believe httpd on the router only listens on the br0 interface (

    Is it possible to configure httpd to listen on loopback as well as on br0? If not, how do I forward packets to port 80 from the loopback to br0? Alternatively, how do I configure httpd to listen on every interface except the WAN interface? (I don't want to expose any listening ports on the WAN-interface apart from the port used by the SSH daemon.)

  2. gfunkdave

    gfunkdave LI Guru Member

    Absolutely - and welcome. First, be sure that the Port Forwarding checkbox is checked in Administration -> Admin Access -> SSH Daemon.

    I believe your problem is in using "localhost", which your local machine is probably interpreting to mean itself. Try using the router's LAN IP instead.
  3. kthaddock

    kthaddock Network Guru Member

  4. Campigenus

    Campigenus Networkin' Nut Member

  5. MrBink

    MrBink Network Newbie Member

    Thanks, this solved it the issue for me.

    I'd be a bit careful with the -g flag though :)

    -g      Allows remote hosts to connect to local forwarded ports.
  6. MrBink

    MrBink Network Newbie Member

    Yep, that was the issue. Thanks!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice