How to map a local port to a remote port without SSH access?
What I want to solve
I have a configuration file that I do not want to change, because it is shared between many people and is managed by someone else. It has entries similar to this:
serviceAlpha: localhost:8081
serviceBravo: localhost:8082
serviceCharlie: localhost:8083
...
I would like to have the local ports each mapped to a remote host and port, without needing to log in (tunnel) via SSH.
For instance:
localhost:8081 -> serviceAlpha:8080
localhost:8082 -> serviceBravo:8080
localhost:8083 -> serviceCharlie:8080
...
What I have tried
I read that /etc/hosts is unable to solve this problem.
I have tried using pf (see here):
echo "
rdr pass inet proto tcp from any to any port 8081 -> serviceAlpha port 8080
" | sudo pfctl -ef -
When I run pfctl -s nat, I get:
No ALTQ support in kernel
ALTQ related functions disabled
rdr pass inet proto tcp from any to any port = 8081 -> ww.xx.yy.zz port 8080
When I run curl -X GET http://localhost:8081/, I get Failed to connect to localhost port 8081: Operation timed out. The same occurs when I replace localhost with 127.0.0.1.
When I run curl -X GET http://ww.xx.yy.zz:8080/, I get the expected response.
I have also tried various socat commands, including:
socat tcp-listen:8081 tcp:ww.xx.yy.zz:8080
curl -X GET http://127.0.0.1:8081/health
> curl: (7) Failed to connect to 127.0.0.1 port 8081: Operation timed out
socat tcp:127.0.0.1:8081 tcp:ww.xx.yy.zz:8080
curl -X GET http://127.0.0.1:8081/health
> curl: (7) Failed to connect to 127.0.0.1 port 8081: Operation timed out
> socat: 2019/02/14 16:27:02 socat[31221] E connect(5, LEN=16 AF=2 127.0.0.1:8081, 16): Operation timed out
networking macos proxy
edited Feb 18 at 21:28
asked Feb 14 at 23:21
ordonezalex
2 Answers
One way to accomplish this is using Apache and mod_proxy. You can check a full tutorial on how to set up mod_proxy here (although it is for Linux, the steps for setting up should be similar). Especially check the section Configure Apache For Proxy.
So I think you can set up a virtual host for each service and set up Apache to listen on 8081, 8082, 8083.
Each virtual host configuration would look something like this:
Listen 8081
<VirtualHost *:8081>
ProxyPreserveHost On
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://ww.xx.yy.zz:8080/
ProxyPassReverse / http://ww.xx.yy.zz:8080/
</VirtualHost>
edited Feb 15 at 17:32
answered Feb 15 at 0:20
Viktor Nonov
The command you want is iptables. The commands are listed below:
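# Enable IPv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# Rewrite the destination; DNAT is used because REDIRECT only accepts --to-ports
iptables -t nat -A PREROUTING -i lo -p tcp --dport 8081 -j DNAT --to-destination 2.2.2.2:8080
# Rewrite the source address of outgoing packets
iptables -t nat -A POSTROUTING -j MASQUERADE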
I do not believe you are allowed to put a host name into the destination location, but you can try. These changes are not persistent; you need to drop them into a script that is run on startup for persistence.
answered Feb 15 at 0:24
Andy
Hi Andy, thank you for your answer. I do not think I can use iptables because my machine is running macOS. From what I understand, the similar utility on macOS is pf, but I have not figured out the correct command/configuration.
– ordonezalex
Feb 15 at 0:35
Oh, that explains what rdr is. Looks like rdr piped to pfctl is the right command for OS X, and your example above seems to be using it correctly. Did you turn on the OS X firewall? sudo pfctl -E More examples of rdr usage: apple.stackexchange.com/questions/230300
– Andy
Feb 15 at 0:40
Yes, the firewall is enabled. I checked System Preferences > Security & Privacy > Firewall (On) and ran sudo pfctl -e which output pfctl: pf already enabled. That is one of the links I have been reading for some of my attempts. None are working yet.
– ordonezalex
Feb 15 at 0:48