
Comments (5)

jpillora commented on May 13, 2024

It's possible; however, I'm not sure if it would make sense. Currently, chisel client ... basically does an ssh -L local port forward (opens a new TCP server on the client), whereas a -R remote port would open a new TCP server on the server. The purpose of chisel is to overcome firewalls by running all traffic over HTTP, so one would need to send this traffic over HTTP. With -L the local server performs this encapsulation, though with -R we have no client to perform this encapsulation. So it only makes sense to open up a normal ssh -R port forward, in which case I'd just suggest you use ssh.

from chisel.

xoox commented on May 13, 2024

Indeed, we are facing a very strict firewall: only HTTP and HTTPS are allowed. Any other links, including ssh, are usually unstable and unusable.

Before jumping into chisel using websocket, the following solution was used, but it is too tricky and does not perform well. It also breaks the normal HTTP server deployments.

client             |                 | server          /----------> HTTP server
autossh -> stunnel ----->FIREWALL----->stunnel->sslh--+-------> ssh server

The local traffic is encapsulated and forwarded by ssh -L. Also, when running autossh, a -R is added to open a remote port forward to the local client side. The remote port forwarding is used to do some settings on the local client host, which is impossible without remote port forwarding capability when you are outside the firewall.

The ssh -R-like option would be added to the chisel client side instead of the server side. The remote forwarded ports would only be opened at the request of authenticated clients.

In conclusion, chisel server is more like the sshd daemon, while chisel client behaves more like the ssh client. They communicate via the HTTP/HTTPS (WS/WSS) link.

The -R options would and should only be added to the chisel client side. Something like:

chisel client [options] <server> <remote> [remote] [remote] [-R [bind_address:]port:host:hostport] [-R [bind_address:]port:host:hostport]...

from chisel.
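A sketch of how a server could vet the `-R [bind_address:]port:host:hostport` syntax proposed in the comment above before opening a listener for an authenticated client. This is an added example, not chisel's code and not part of the thread; `ReverseSpec`, `ParseReverse` and `Exposed` are hypothetical names, and defaulting an omitted bind address to loopback is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// ReverseSpec is one parsed "[bind_address:]port:host:hostport" request (hypothetical type).
type ReverseSpec struct {
	BindAddr, Host     string
	BindPort, HostPort int
}

func parsePort(s string) (int, error) {
	p, err := strconv.Atoi(s)
	if err != nil || p < 1 || p > 65535 {
		return 0, fmt.Errorf("invalid port %q", s)
	}
	return p, nil
}

// ParseReverse: an omitted bind address defaults to loopback (assumption); IPv6 literals are not handled.
func ParseReverse(spec string) (ReverseSpec, error) {
	f := strings.Split(spec, ":")
	if len(f) == 3 {
		f = append([]string{"127.0.0.1"}, f...)
	}
	if len(f) != 4 || f[0] == "" || f[2] == "" {
		return ReverseSpec{}, fmt.Errorf("bad spec %q", spec)
	}
	bp, err1 := parsePort(f[1])
	hp, err2 := parsePort(f[3])
	if err1 != nil || err2 != nil {
		return ReverseSpec{}, fmt.Errorf("bad port in %q", spec)
	}
	return ReverseSpec{BindAddr: f[0], Host: f[2], BindPort: bp, HostPort: hp}, nil
}

// Exposed reports whether the listener would be reachable beyond the server's
// loopback; names that are not IP literals (other than "localhost") count as exposed.
func (r ReverseSpec) Exposed() bool {
	return r.BindAddr != "localhost" && !net.ParseIP(r.BindAddr).IsLoopback()
}

func main() {
	r, err := ParseReverse("0.0.0.0:8080:10.0.0.5:80") // constructed sample spec
	fmt.Printf("%+v exposed=%v err=%v\n", r, r.Exposed(), err)
}
```

A server applying this check could refuse, or require explicit configuration for, any request where `Exposed()` is true, so that a reverse forward does not open a listener on every interface by default.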

jpillora commented on May 13, 2024

Have you tried tunneling to the SSH server via chisel, then doing your normal SSH from there?

from chisel.

xoox commented on May 13, 2024

Tunneling to the SSH server via chisel surely works. That results in a multiple-layer tunnel.
SSH remote port forwarding is tunneled via ssh, which is tunneled through chisel, then websocket and TLS.

If chisel can do remote port forwarding, the 4-layer tunnel could be simplified to three layers.

from chisel.

jpillora commented on May 13, 2024

See #3 for a better solution to this - will close as it covers this use case. If I'm mistaken, feel free to re-open.

from chisel.
