Getting beyond those pesky iptables rules
Most of the development here at Semantics3 occurs on a shared development machine hosted at AWS. While this helps us control our dev environment with high precision, it causes some difficulties when trying to test features on a local computer. For example, connecting to a test database might be impossible, given that most ports from the dev machine are cutoff from the outside world.
This is where SSH comes to the rescue using its local port forwarding or “outbound” tunneling feature.
$ ssh -L [bind_address:]port:host:hostport [user@]hostname
Specifies that the given port on the local (client) host is
to be forwarded to the given host and port on the remote side.
As shown below, SSH can be used to setup a tunnel to access private-db:5432
from your localhost
via a public-host
.
+-----------------+ +-------------+ +-----------------+
| localhost:15432 |---SSH---\| public-host | | private-db:5432 |
| ==============================|==============> |
| |---------/| | | |
+-----------------+ +-------------+ +-----------------+
The command to setup the tunnel above is
$ ssh -L 15432:private-db:5432 user@public-host
Now, you can simply use your client of choice to connect to the database as if it were on your local computer.
$ psql -h localhost -p 15432 -d testdatabase
A few notes:
AllowTCPForwarding
needs to be set toyes
in your server's ssh config for this to work.- Additional flags
-nNT
can be used to suppress any output and avoid terminal allocation, as we just need port forwarding. - If this piqued your interest, I also highly recommend the talk The Black Magic of SSH / SSH Can Do That? by bjeanes.