Reverse tunneling is a big security issue, but sometimes you may need it anyway. Please be very careful!
In my case I wanted to test an ELK setup with real data. My filebeats were installed behind a firewall which allowed connections from the logstash server to the filebeat server only. The other direction was blocked.
There are probably many approaches to configure a reverse tunnel. I tried a few and ended up with the following:
I created a screen or nohup process and ran the following command:
while true; do ssh -R 11514:localhost:1514 root@192.168.1.100 'while true; do date; sleep 15; done'; sleep 5; done
This command starts two infinite loops. The first one runs locally on the logstash server. The second runs remotely on the filebeat server. The remote loop ensures that the tunnel stays alive, because some firewalls keep terminating idle connections. Additionally, its output lets you see immediately whether the tunnel is still alive. The local loop reconnects to the remote server whenever the connection fails.
Note: This command requires authorized ssh keys to work. But you probably realized that already.
I like this solution very much because it heals itself even in very unstable networks.
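A more tightly scoped variant of the same self-healing tunnel, as an added example that is not the command from this post: it swaps the remote date loop for SSH's own keepalives (-N runs no remote command) and prints an authorized_keys entry that limits the tunnel key to this one forward. The host and ports are the ones used above; the function names, the "run" argument, the 60 s / 300 s thresholds and the placeholder key are assumptions.

```shell
#!/bin/sh
# Added example, not the post's command. Host and ports are the post's values.
REMOTE="${REMOTE:-root@192.168.1.100}"
FORWARD="${FORWARD:-11514:localhost:1514}"
SLEEP="${SLEEP:-sleep}"      # overridable so the loop can be exercised offline
MAX_RUNS="${MAX_RUNS:-0}"    # 0 = retry forever

# authorized_keys entry for the tunnel key on the filebeat server: forwarding
# only, listening only on the given port, no pty, no usable remote command.
authorized_keys_line() {     # $1 = listen port, $2 = public key
  printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' "$1" "$2"
}

# Double the retry delay, up to a cap.
next_delay() {               # $1 = current delay, $2 = cap
  d=$(( $1 * 2 ))
  [ "$d" -gt "$2" ] && d=$2
  echo "$d"
}

# Run "$@" again whenever it exits, backing off while failures are fast.
supervise() {
  delay=5; RUNS=0
  while [ "$MAX_RUNS" -eq 0 ] || [ "$RUNS" -lt "$MAX_RUNS" ]; do
    started=$(date +%s)
    rc=0; "$@" || rc=$?
    RUNS=$(( RUNS + 1 ))
    if [ $(( $(date +%s) - started )) -ge 60 ]; then
      delay=5                # the tunnel was up for a while: retry quickly
    else
      delay=$(next_delay "$delay" 300)
    fi
    echo "$(date) tunnel exited rc=$rc, retrying in ${delay}s" >&2
    $SLEEP "$delay"
  done
}

# Keepalives replace the remote loop; a dead link is detected after ~45 s.
# ExitOnForwardFailure makes ssh exit if port 11514 cannot be bound.
tunnel() {
  ssh -N -T -o BatchMode=yes -o ExitOnForwardFailure=yes \
      -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
      -R "$FORWARD" "$REMOTE"
}

if [ "${1:-}" = "run" ]; then supervise tunnel; fi
```

Start it with the argument run inside screen or nohup, as above. The permitlisten option needs OpenSSH 7.8 or later on the filebeat server.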
That’s IT