Reverse SSH tunneled HTTP traffic via lighttpd [RESOLVED]

danild
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 11

Posted: Tue May 28, 2019 19:39    Post subject: Reverse SSH tunneled HTTP traffic via lighttpd [RESOLVED]
Hello all,

Here's the scenario. There is a remote dd-wrt router behind NAT (not accessible from the Internet) and a local dd-wrt router with a public static ('white') IP. The remote router has a web server running on it and I need all the HTTP traffic to be reverse SSH tunneled to the local router and made available to browsers by lighttpd.

Here are the steps I take:
1. Run ssh -R 9999:localhost:8888 root@my_local_router_public_IP on the remote router (where 8888 is the web server port on the remote router and 9999 is a port on the local router)
2. Enable SSHd on the local router, enable access from WAN, enable TCP forwarding
3. Enable lighttpd on the local router on port 9999, double check it is running
Then I navigate to 192.168.1.1:9999 in my browser, but all I get is 404 Not Found errors.

What am I doing wrong please? Does lighttpd require some specific config for this scenario to let it know it shouldn't try to read index.html from the file system but only forward traffic from port 9999? Is it doable at all?

Any help will be much appreciated.


Last edited by danild on Thu May 30, 2019 7:18; edited 1 time in total
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

Posted: Tue May 28, 2019 22:31
Is it possible you configured the lighttpd http port for 8888, but the browser is defaulting to https?

With most browsers defaulting to https rather than http these days, I do see from time to time ppl forgetting this fact and getting confused as to why some service isn't accessible.

I say this esp. since you were rather loose in your description of exactly how you had configured the lighttpd server. You said "http", but I'm not sure if you meant that literally. There are two port options available, one for http and the other https.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
danild
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 11

Posted: Wed May 29, 2019 6:24
Apologies for not being detailed enough - my lighttpd settings are as follows:

Lighttpd - Enable
HTTPS Port - 443
HTTP Port - 9999
WAN Access - Enable

The URL I navigate my browser to is http://192.168.1.1:9999
danild
DD-WRT Novice


Joined: 29 Dec 2017
Posts: 11

Posted: Thu May 30, 2019 7:15
Problem resolved - lighttpd needs to be configured to act as a proxy, so I did the following:

1. Killed lighttpd process
2. Added "mod_proxy" to server.modules property in /tmp/lighttpd.config
3. Added the following bit:

Code:
$HTTP["host"] == "192.168.1.1" {
    proxy.server = ("" => (("host" => "127.0.0.1", "port" => "9999")))
}


4. Restarted lighttpd:

Code:
lighttpd -f /tmp/lighttpd.conf


When I go to http://192.168.1.1:9999 now, all traffic is tunneled to the port 8888 of local router (the one behind NAT, inaccessible from the Internet otherwise).

This is as cool as it can be!
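
A sanity check for the proxy configuration from steps 2 and 3 of the post above, as an added example that is not part of the thread. It assumes `proxy.server` is written on one line as in the post and that the tunnel's port should differ from lighttpd's own `server.port`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check a lighttpd config that
# proxies to a reverse SSH tunnel. Usage: sh check.sh /path/to/lighttpd-config

# Print the config with comment lines removed.
conf_lines() { grep -v '^[[:space:]]*#' "$1"; }

# Extract the first number assigned to KEY ("=" or "=>", quoted or bare).
num_value() {
    sed -n "s/.*$1[[:space:]]*=>\{0,1\}[[:space:]]*\"\{0,1\}\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# Print one finding per line; return 0 when there are none.
check_proxy_conf() {
    findings=""
    add() { findings="${findings}$1
"; }
    # Step 2 of the post: mod_proxy has to be in server.modules.
    conf_lines "$1" | grep -q '"mod_proxy"' || add "mod_proxy is not loaded"
    listen=$(conf_lines "$1" | num_value 'server\.port')
    # Assumption: the proxy.server backend sits on a single line.
    backend=$(conf_lines "$1" | grep 'proxy\.server' | head -n 1)
    host=$(printf '%s\n' "$backend" | sed -n 's/.*"host"[[:space:]]*=>[[:space:]]*"\([^"]*\)".*/\1/p')
    port=$(printf '%s\n' "$backend" | num_value '"port"')
    if [ -z "$port" ]; then
        add "no proxy.server backend found"
    else
        # The post's backend is the tunnel end on 127.0.0.1.
        case "$host" in
            127.0.0.1|localhost) ;;
            *) add "backend host $host is not loopback" ;;
        esac
        # Assumption: tunnel port and lighttpd's listen port must differ.
        [ "$port" != "$listen" ] || add "backend port $port equals server.port"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

if [ "$#" -gt 0 ]; then check_proxy_conf "$1"; fi
```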