2

Ultimately I'd like to port forward an HTTP connection. Troubleshooting the command in the linked question, I tried this:

ssh -L localhost:8888:www.google.com:80 -N localhost

If I now go to localhost:8888 on the same browser I get a 404 rather than the Google home page. With other sites I get other types of errors.

What am I missing here? Isn't this a simple port forward? Shouldn't everything above the TCP layer be identical? Obviously not.

So:

  1. What am I missing?
  2. Is there another command that would work?
Giacomo1968
Leo

2 Answers

5

What you are missing

An HTTP(s) client will tell the server the name it is using to reach it (that allows for example multiple sites with different names to be hosted by the same server).

So, if the client says to www.google.com:

Hi www.google.com, please serve your home page

It works. But if the client says to www.google.com:

Hi localhost, please serve your home page

then the server does not quite know what you mean, because no localhost webserver is located there.

Alternative commands

You need to fake the "Host:" header that the client sends with the HTTP request. Otherwise, the hostname in the URL will be used. A couple of examples:

wget --header="Host: www.google.com" http://localhost:8888/

or

curl --header "Host: www.google.com" http://localhost:8888/
Giacomo1968
1

Port forwarding and HTTP/HTTPS don’t mix well due to name-based virtual hosts being so prevalent nowadays.

Your port forwarding via SSH only makes the hostname localhost available on port 8888.

If the application on the other side of google.com is not set to respond to the localhost hostname, it will fail with a 404.

Many websites — small to larger — bind web servers to a hostname and not an IP address. In Apache this is known as a name-based virtual host. The benefit of having a name-based virtual host setup is to allow multiple hostnames — associated with multiple websites/applications — to access those multiple websites/applications on the same IP address.

On a simple level, if you get a personal web hosting plan on a shared server, this is the way your website can be served right next to dozens of other websites on the same box with the same IP address.

And while I don’t know what web server software Google is using, it seems to be binding based on hostname.

So when you go to localhost:8888 that sends the request to Google that you are requesting data for the hostname localhost. And on Google’s side it basically says, “Nope! No idea what you want with localhost; we don’t have that here!” and thus your 404 error.

That said if you want to experiment with local port forwarding, you might be better off setting up a test web server on your development machine that will serve content no matter what the hostname is — by making that site the “default” config — and then test accessing that site via different ports locally.

FWIW, the main benefit of port forwarding in my experience is to be able to connect to remote ports for non-web items locally when your admins don’t open default ports on whatever box you connect to. Look at many MySQL connection tools with GUIs and there is always an SSH option in place that allows you to connect via SSH but get access to the DB on your desktop.

Giacomo1968
  • 58,727
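Added example, not code from either answer above: a Python sketch that reproduces offline what both answers describe, with a name-based virtual host, a plain TCP relay standing in for `ssh -L`, and one client request with the default Host header and one with the override. The hostname `www.example.test`, the handler and the relay are assumptions made for this demonstration.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SITE = "www.example.test"  # constructed name standing in for the real site

class VhostHandler(BaseHTTPRequestHandler):
    """Name-based virtual host: only requests whose Host is SITE are served."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0]
        status, body = (200, b"home page\n") if host == SITE else (404, b"unknown host\n")
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence per-request logging
        pass

def pipe(src, dst):
    try:
        while chunk := src.recv(4096):  # copy one way until EOF, bytes untouched
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def forward(listener, target):
    """Plain TCP relay standing in for `ssh -L`: it knows nothing about HTTP."""
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(target)
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pipe, args=(a, b), daemon=True).start()

def demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=forward, args=(listener, server.server_address), daemon=True).start()
    statuses = {}
    for label, headers in (("default", {}), ("override", {"Host": SITE})):
        conn = http.client.HTTPConnection("127.0.0.1", listener.getsockname()[1], timeout=5)
        conn.request("GET", "/", headers=headers)
        statuses[label] = conn.getresponse().status
        conn.close()
    return statuses  # default Host is 127.0.0.1:<port>, so 404; override gets 200

if __name__ == "__main__":
    print(demo())
```

The relay passes the request through byte for byte, so the only thing that changes the server's answer is the Host header the client chose to send.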