When using "ssh -D" to establish a SOCKS-type proxy, I can specify the
bind_address for the local end of the connection, but how do I control
the bind address on the far end?

I'm accustomed to using -D to remotely administer various web services
that are behind a firewall/bastion-host instead of using commercial VPN
software, but I ran into a situation today that doesn't seem to permit
it: accessing "localhost".

The remote server has a web-based management service that only binds to
0.0.0.0, but only accepts connections *from* 127.0.0.1 and [::1].

First, I can't seem to convince Firefox to connect to "localhost" or
"127.0.0.1" using a SOCKS proxy.

Second, I can't figure out a way to get sshd(8) on the remote side to
use 127.0.0.1 as a source address when hitting the public IP address.
(Yes, the web service rejects connections from its own public IP
addresses, too.)

I can accomplish the task with -L instead, which works well, but that
approach doesn't scale nearly as easily when I'm connecting to a wide
variety of systems in quick succession, and it fails utterly when the
remote app insists on constantly rewriting its own URL to a canonical
value (because of the wrong port#).

Is there any way to do what I want with -D instead of -L?

And is the second problem (source IP) just an artifact of Firefox
refusing to even send the request over the SOCKS tunnel in the first place?

Thanks,
-Adam
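
The access rule described in the message above (listen on 0.0.0.0, answer only peers whose source address is 127.0.0.1 or ::1), modelled as an added example that is not part of the original post. It shows that the service judges a forwarded connection purely by the source address of the socket the forwarder opens. The function names are hypothetical, and 127.0.0.2 is a constructed stand-in for "any source other than 127.0.0.1", assuming a Linux host where the whole 127.0.0.0/8 range is bindable.

```python
import socket
import threading

ALLOWED_PEERS = {"127.0.0.1", "::1"}  # sources the service trusts, per the post


def start_service():
    """Listen on 0.0.0.0 (all IPv4 interfaces) but answer only loopback peers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", 0))  # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, (peer_ip, _peer_port) = srv.accept()
            except OSError:  # listening socket was closed
                return
            with conn:
                # The decision uses only the peer's source address.
                verdict = b"200 OK" if peer_ip in ALLOWED_PEERS else b"403 Forbidden"
                conn.sendall(verdict + b" peer=" + peer_ip.encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(port, source_ip=None):
    """Connect to the service on 127.0.0.1 and return its one-line reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.settimeout(5)
        if source_ip:
            client.bind((source_ip, 0))  # force a specific source address
        client.connect(("127.0.0.1", port))
        return client.recv(128).decode()


def demo():
    """Return the service's replies for a default and a forced source address."""
    srv, port = start_service()
    try:
        default_source = probe(port)             # kernel selects 127.0.0.1
        forced_source = probe(port, "127.0.0.2")  # constructed non-allowed source
        return default_source, forced_source
    finally:
        srv.close()


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```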