MythWeb ssh tunnel howto

From MythTV Official Wiki
Revision as of 19:35, 11 August 2010 by Wagnerrp (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

I am going to briefly describe how to connect to mythweb that is behind a firewall in a router. I will assume you have mythweb running. If you need help with that please see the mythweb documentation: http://www.mythtv.org/docs/ I will also assume that you know how to forward ports on your router. This is different for each router so I will not try and cover that here. You can consult the documentation that came with your router for instructions on how to do that. You will need to forward port 22 to the IP address that your computer with mythtv is running. To find out the IP address type:

ifconfig

and look for the following line:

inet addr:192.168.1.104 Bcast:192.168.1.255 Mask:255.255.255.0

It should be under the eth0 section. If you are running multiple ethernet cards then it is up to you to figure out which section you need. Your numbers may be different but you specifically need the number that is where the number 192.168.1.104 is in my example above.

To connect you will need ssh. The version I am currently using is OpenSSH 3.8.1p1. Most UNIX variants come with ssh and if they don't it should be easy to get. For windows you can use cygwin, which emulates a UNIX environment, or you can use an ssh program like PuTTY. If you need to use windows on a daily basis I would recommend installing cygwin because it has a lot of other UNIX tools other than just ssh. If you are somewhere and don't want to install a lot of stuff, PuTTY is a great solution because it is one .exe file so there is no install, you just run it. First I will briefly cover ssh.

ssh stands for secure shell and is used most to connect to a remote machine using encryption so no one can eavesdrop. To connect to a remote machine is easy, just type:

ssh username@remotedomain

my username is cflynn and on my local network I want to connect to 192.168.1.104 (you can use the ip address instead of a domain name like somewhere.com which you may not have) in this case I would type: "ssh cflynn@192.168.1.104" It will ask me if I want to accept the key into my keychain the first time, say yes. It will then ask your for you password. You are now connected to your remote computer and can do pretty much whatever you could if you were connected to that computer. Putty works similarly except when you run it you get a dialog box and you just need to put the user@remotedomain line in the field for "Host Name (or IP address)" but leave the Port number alone. (It should be 22)

Now this will let you do most things but it won't let you run X11 programs. For this you can give it the -X flag but I am not going to go into that here since our main concern is mythweb.

To forward a port you need to use the -L option and it will look something like this:

ssh -L <local port>:localhost:<remote port> user@remotedomain

The local port is what you connect your web browser to. The default web port is port 80. If you are already running a web server on your local computer you can specify another port here and then point your web browser to that port. (examples to follow) the line localhost is where the connection to your browser will happen, it should be your computer. The default domain name is localhost but if that doesn't work you can use the ip address 127.0.0.1 which is called a loopback because it points to the computer you are on. The remote port is the port on the remote computer that the web browser is running. This too will most likely be port 80 but if you are running your web server on a different port, then that gets specified here. user@remotedomain is just like above.

Got all that? So an example would be:

ssh -L 80:localhost:80 cflynn@mydomain.com

This will prompt you for a password and it will seem like all you did was ssh to your remote computer. Now open up your web browser and point it to: http://localhost/mythweb/ (note: You need to keep the terminal window that you typed the ssh command open or the ssh tunnel will close) Now if you don't have a domain name, just use your WAN IP address. Usually you can find that information from your router.

Now if you are running a web server on your local computer, you will need to use a different port. In this case we'll use 8080 because it's a nice number. In this case you would type:

ssh -L 8080:localhost:80 cflynn@mydomain.com

Notice the remote port stays the same. Now point your browser to the new port:

http://localhost:8080/mythweb/

If this is going the wrong way up your home ADSL line you may want to enable ssh compression to reduce bandwidth use, which you can do using the -C option like this:

ssh -C -L 8080:localhost:80 cflynn@mydomain.com

To tunnel using PuTTY, in the connection dialog box go to Connection->SSH->Tunnels and at the bottom for the source port is the same as the <local port> above and the destination should be: "localhost<remote port>. Also below that make sure local is selected. Then click the add button. Remember, don't close the putty window or your tunnel will close as well.