How do I open port 8887?

I need to access a raspberry pi using a Linode cloud server and a reverse ssh tunnel. To do this, I use the following command in the pi terminal

ssh -N -R 8081:localhost:8887 root@linodeIPv4address

This command tells the Pi to ssh to the Linode cloud server, open port 8081 there, then forward connections to it over the tunnel back to the Pi on port 8887. Once the Pi sets up that remote tunnel, from the server it connected to, I use the following command

ssh -l pi -p 8081 localhost

Here is the output after running that command

ssh_exchange_identification: Connection closed by remote host

This is the output on the Pi terminal

root@localhost: ~# connect_to localhost port 8887: failed

If I use port 22 instead of 8887 it works fine.

Why does the connection fail? How can I make it work? Do I need to open port 8887 on the Linode cloud server or on the localhost? Who is the localhost?

Here is the output of "netstat -lnp" on the server

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN 16717/1
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 16358/0
tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN 17015/2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1704/sshd
tcp6 0 0 ::1:2222 :::* LISTEN 16717/1
tcp6 0 0 ::1:8080 :::* LISTEN 16358/0
tcp6 0 0 ::1:8081 :::* LISTEN 17015/2
tcp6 0 0 :::22 :::* LISTEN 1704/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 15287898 16360/systemd /run/user/0/systemd/private
unix 2 [ ACC ] SEQPACKET LISTENING 9891 1/init /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 15287902 16360/systemd /run/user/0/snapd-session-agent.socket
unix 2 [ ACC ] STREAM LISTENING 12449 1/init /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 12453 1/init /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 12454 1/init /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 12438 1/init /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 12463 1/init /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 9709 1/init /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 9714 1/init /run/systemd/fsck.progress
unix 2 [ ACC ] STREAM LISTENING 9715 1/init /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 9725 1/init /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 10079 1/init /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 14104 1504/iscsid @ISCSIADM_ABSTRACT_NAMESPACE

Here is the output of "iptables -L"

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:8887
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

6 Replies

The port forward you have set up states “when a connection is received on port 8081 on Linode, forward the traffic through the SSH tunnel to port 8887 on localhost.”

Localhost refers to the machine that initiated the port forward, i.e. the Pi.

Question is, is anything running on the Pi on port 8887 - the error you’re seeing suggests not.

What is it you are trying to expose via your Linode?

@andysh
Thanks for your reply.
When I run the reverse tunnel ssh command, nothing is running on the Pi on port 8887. My goal is to expose a web server via my Linode that can be accessed via a web browser (Chrome, Firefox, etc…). I have a Python program that creates a web server on that port. To access it, I search the Pi's IP address on a web browser, for example:

192.168.1.xx:8887/drive

What I was hoping to accomplish using Linode was to access the server over the internet by searching the Linode's IPv4 address

linodeIPv4address:8081/drive

In other words, connecting to port 8081 on the Linode server directs me to port 8887 on the Pi, which runs the web server.

I have tried running the Python program that creates the web server on port 8887 and the reverse tunnel command simultaneously on the Pi terminal using the following

python main.py & ssh -N -R 8081:localhost:8887 root@linodeIPv4address

But when I search "linodeIPv4address:8081/drive" on a web browser, I'm still not able to access the web server.
Any ideas on how to make this work?
Thank you

You’re on the right track. Your Python server does have to be running before the first connection over the tunnel, otherwise there is nothing for it to connect to.

As to why it’s not working, I believe the port forward will only be bound to the Linode’s “localhost” address, not its public IP.

Try changing your command to:

ssh -N -R \*:8081:localhost:8887 root@linodeIPv4address

The first parameter in the port forward is the bind address for the remote (Linode) side of the connection. It can be one of the Linode’s IPs, “*” for all, “0.0.0.0” for all IPv4 or “[::]” for all IPv6 addresses.

@andysh
I tried your suggestion but I still cannot get it to work :/

I followed the instructions from this site: https://www.maketecheasier.com/reverse-ssh-tunnel-allow-external-connections/

by changing the value for "GatewayPorts" from no to yes in the ssh_config file of the root user (Linode server). Still, I cannot access the web server on port 8887 after running the following command in the pi terminal

python main.py & ssh -N -R *:8081:localhost:8887 root@linodeIPv4address

(note: in the above line, when I type the backslash symbol between the -R and the *, it disappears after I submit the reply)

If the port forward will only be bound to the Linode’s “localhost” address, not its public IP (IPv4), how can I find the Linode's localhost address?

Ah yes I forgot about that setting.

> in the ssh_config file

Did you change it in the ssh_config or the sshd_config file? (Note the “d” to refer to the server config file.)

Make sure you’ve changed this in sshd_config and restart the SSH service, then try your connection again.

> if the port forward will only be bound to the Linode’s “localhost” address, not its public IP (IPv4), how can I find the Linode's localhost address?

The localhost IP is always the same on any machine - 127.0.0.1 (IPv4) or ::1 (IPv6).

It’s a special address that always refers to “this machine” (literally, the “local host”). For this reason, it cannot be accessed from any other machine.

You are correct, I was supposed to update the sshd_config file, not ssh_config. It works now! Thank you very much
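
An added example, not part of the thread: a shell check for the two conditions the replies identify, the GatewayPorts value in sshd_config and the address the forwarded port is bound to on the server. The function names and the sshd_config fragment are constructed for illustration; the netstat lines are the TCP lines from the question.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): explain why a -R forward is only
# reachable from the server itself.

# Print the global GatewayPorts value of an sshd_config file (sshd default: no).
# sshd keeps the first value it reads; Match blocks are not evaluated here.
gateway_ports_setting() {
  awk '
    $1 ~ /^#/                      { next }
    tolower($1) == "match"         { exit }
    tolower($1) == "gatewayports"  { print tolower($2); found = 1; exit }
    END { if (!found) print "no" }
  ' "$1"
}

# Classify the TCP listener for port $1 from `netstat -ln` output on stdin:
# loopback (127.0.0.1 / ::1 only), public (any other bind address) or absent.
forward_exposure() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, parts, ":"); p = parts[n]
      if (p != port) next
      host = substr($4, 1, length($4) - length(p) - 1)
      seen = 1
      if (host != "127.0.0.1" && host != "::1") pub = 1
    }
    END { r = seen ? (pub ? "public" : "loopback") : "absent"; print r }
  '
}

# TCP lines taken from the netstat output in the question.
THREAD_NETSTAT='tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN 17015/2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1704/sshd
tcp6 0 0 ::1:8081 :::* LISTEN 17015/2'

# Constructed sshd_config fragment: the option is only present as a comment.
sample_cfg=$(mktemp)
printf '%s\n' 'Port 22' '#GatewayPorts no' 'PermitRootLogin yes' > "$sample_cfg"

echo "GatewayPorts: $(gateway_ports_setting "$sample_cfg")"
echo "port 8081:    $(printf '%s\n' "$THREAD_NETSTAT" | forward_exposure 8081)"
echo "port 22:      $(printf '%s\n' "$THREAD_NETSTAT" | forward_exposure 22)"
rm -f "$sample_cfg"
```

On a live server, `sshd -T` prints the effective configuration, including Match-independent defaults. `GatewayPorts yes` binds every remote forward to all interfaces, while `GatewayPorts clientspecified` lets the bind address given in `-R` decide per forward, which keeps other tunnels on loopback.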
