Some stuff sounds simple and obvious for one group of people, and sounds crazy for another. One good story started after some attempts to remotely connect to the Web portal of one Huawei 4G Router. The caveat in this situation is that a direct connection was not possible, only thru a Linux Router. Because administrators are lazy – setting up a fully operational VPN was not the case, so I tried to make and SSH tunnel forward. But failed… at start.
Here is an simplified example of the topology:
The typical “fast” solution would be create and SSH session and point the browser to http://localhost:1880 (in case something is already listening to port 80. In fact, like Skype likes to do)
ssh [email protected] -L 1880:192.168.2.1:80
The problem evolved when I realized that the Router’s web portal had hard-coded URIs (although it took a minute to make myself look into Page and Network inspection) with the Routers LAN address (192.168.2.1 in our example). In result – the page was unable to load and the portal was unusable.
The solution found sounds nasty, but quite simple:
1. Create a New loopback inferface on the administrator PC. The creation on Windows in fact is quite straightforward (https://technet.microsoft.com/en-us/library/cc708322(v=ws.10).aspx)
2. Assign the Huawei Router’s IP address with netmask /32 (255.255.255.255) on the loopback interface. E.g – 192.168.2.1/32
3. Open a SSH tunnel, with IP definition for tunnel forward:
ssh [email protected] -L 192.168.2.1:80:192.168.2.1:80
4. Open web browser and navigate to http://192.168.2.1 and voila
1. At first I tried a /24 definition of the network mask. That did work at start, but stopped working at some point for a clearly understandable reason. (At least there was no overlapping in routes). Changing the netmask to /32 bringed it back to life.
2. Don’t forget to “disable” the Loopback adapter when you are done, or if you get a Network overlapping you will definitely spend some time on debugging.