# Switch to your '''centos1''' VM, and click on the following link to launch your message in a web-browser: '''http://localhost'''<br>What happened? If your message didn't load, why do you think it didn't load?
# Return to your c7host VM, and issue the following iptables rule to add (append) an exception to view incoming web requests on your local machine (interface card: lo - loopback address): <br><b><code><span style="color:#3366CC;font-size:1.2em;">iptables -A INPUT -i lo -j ACCEPT</span></code></b>
# On '''centos1''' confirm that the httpd service is stopped so that it cannot interfere with your observations.
# On '''centos1''' confirm that you can't connect to the c7host web-server by using Firefox on centos1, clicking on the following link: '''http://centos1/'''<br><br>
# The next step is to establish a <u>tunnel</u>. When you establish a tunnel, you make an ssh connection to a remote host and open a new port on the local host. That local host port is then connected to a port on the remote host through the established tunnel. When you send requests to the local port, they are forwarded through the tunnel to the remote port.<br><br>
<ol><li value="1">In a terminal in your '''centos2''' VM, '''make certain you are NOT logged in as root!'''</li>
<li>Establish a tunnel using a local port on centos2 of 20808 that connects to the remote port on '''c7host''' of 80, using the following command on '''centos1''':<br /><b><code><span style="color:#3366CC;font-size:1.2em;">ssh -L 20808:centos1:80 username@centos1</span></code></b><br><br> '''Note:'''<br>The '''-L''' option (which means Local port) takes one argument:<br><span style="courier"><local-port>:<connect-to-host>:<connect-to-port></span><br><br> The command basically connects your local port of 20808 to the remote port of 80 on '''c7host'''.<br>This means all requests to 20808 on the <u>localhost</u> ('''centos1''') are actually tunneled through your ssh connection<br>to port 22 on '''c7host''' and then delivered to port 80 on '''c7host''', bypassing the firewall.<br><br></li>
<li>Once the tunnel is established, use '''netstat''' to verify that port 20808 is listening on '''centos1'''.</li>
<li>Now, using the browser on '''centos1''', connect to '''http://localhost:20808'''</li>
<li>You should see the '''index.html''' page on '''c7host'''.</li>
<li>Close the ssh connection and verify that port 20808 is no longer listening.</li></ol>
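The '''netstat''' checks in the steps above can also show which address the forwarded port is bound to, which decides who else can use the tunnel. The following is an added example, not part of the original lab: it classifies the port 20808 listener as closed, loopback-only (the ssh default for '''-L''') or exposed to other hosts (for instance when ssh is started with '''-g'''). The helper name tunnel_state and all sample netstat text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the ssh -L listener from `netstat -tln` text.
# All sample output below is constructed, not captured from the lab VMs.

HDR='Proto Recv-Q Send-Q Local Address           Foreign Address         State'
SSHD='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# Tunnel up with the default bind (loopback only, IPv4 and IPv6).
SAMPLE_UP="$HDR
$SSHD
tcp        0      0 127.0.0.1:20808         0.0.0.0:*               LISTEN
tcp6       0      0 ::1:20808               :::*                    LISTEN"

# Tunnel up but bound to every interface (e.g. started with ssh -g).
SAMPLE_EXPOSED="$HDR
$SSHD
tcp        0      0 0.0.0.0:20808           0.0.0.0:*               LISTEN"

# Tunnel closed: only sshd is listening.
SAMPLE_CLOSED="$HDR
$SSHD"

# tunnel_state PORT  (hypothetical helper name)
# Reads netstat -tln output on stdin and prints one of:
#   closed   - nothing is listening on PORT
#   loopback - every listener on PORT is bound to 127.x or ::1
#   exposed  - at least one listener is reachable from other hosts
tunnel_state() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, part, ":")            # port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            found = 1
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END { print (!found ? "closed" : (exposed ? "exposed" : "loopback")) }'
}

for s in "$SAMPLE_UP" "$SAMPLE_EXPOSED" "$SAMPLE_CLOSED"; do
    printf '%s\n' "$s" | tunnel_state 20808
done
# On the VM itself: netstat -tln | tunnel_state 20808
```

A result of exposed means any host that can reach the machine on port 20808 is also carried through the tunnel and past the firewall, not only the local user.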