Tunnel HTTP traffic through a reverse tunnel to a network behind a firewall.

Do you ever find yourself in need to browse the web from a network behind a firewall?

I’m curious if there’s a more direct route, but here’s what I did.

SSH Setup Reverse Tunnel

Borrowed from my post about setting this up for Remote Desktop.

On a LightSail instance on AWS (or your choice of linux servers)

sudo apt update
sudo apt install openssh-server

Edit the sshd_config

sudo vim /etc/ssh/sshd_config

At the bottom. Type “i” for insert then add the following lines

#Allow SSH Tunneling

To save: esc then “:wq” (command, wright, quit)

you can check that’s in there by running

cat /etc/ssh/sshd_config | Gate


#GatewayPorts no

On your windows computer behind the firewall

Follow instructions from Microsoft to install OpenSSH:

Add to file ~/.ssh/config
#aws server
   User bitnami
   IdentityFile ~/.ssh/id_rsa
   IdentitiesOnly yes
   ServerAliveInterval 60
   ServerAliveCountMax 10

Adding ServerAliveInterval sets the number of seconds the client will wait before sending a keep connection alive

ServerAliveCountMax sets the number of times the client will try to keep connection alive.

you can also add this to the server as well.

vim etc/sshd/ssh_config


ClientAliveInterval 60
ClientAliveCountMax 10 #default is 3

Be sure to open up the correct port on your AWS firewall. I suggest restricting traffic on port 12345 only to the ip address of your client so you’re not opening up the port for nefarious actors.

In your terminal enter:

ssh -2 -4 -T -N -C -R

This creates an ssh tunnel, where a client can ssh into port 12345 on the AWS server which tunnels the traffic to your windows server behind the firewall.

Tunnel HTTP through SSH Tunnel with PuTTY

On your client computer, install PuTTY with the msi


Use the PuTTYgen tool that’s installed to convert the private key to PuTTY’s .ppk format

Open PuTTY,

Host Name (of IP Address): (ip of your aws server)
port: 12345

In the category field go to Connection -> SSH -> Tunnels

in source port: 8080
destination port: localhost:80
Select Dynamic

Click Add

Navigate back to Session

name the configuration, and save, then press open.

Because all traffic coming into 12345 on the aws server is routed to port 22 on the windows server, log in with your username and password for the windows machine. Once logged in, you’ll see the command prompt on your windows server.

Configure Proxy

Firefox is the easiest to set up. From options menu (top right) select Settings

At the very bottom of GENERAL, in the Network Settings section, select Settings

From the radio buttons, select Manural proxy configuration

in SOCKS Host: localhost
Port: 8080

Select Socks v5

Check the box next to Proxy DNS when using SOCKS V5

Test you setup

open google and search for “What is my ip”, The search result includes your IP address, it should be the IP of the WAN (Wide Area Network) of your windows server.


OpenSSH has a verbose mode. Add -v to your command for standard amount of verboseness. -vv will add even more info, -vvv will provide even more


The first tunnel is to forward all traffic from port 12345 on the AWS server to port 22 on the Windows Server

The Second tunnel forwards all traffic on port 80 (http) from your client computer (through the first tunnel), then requests the http traffic from the windows server.

Use SSH (without PuTTY)

In a terminal:

ssh -D 8080 -C -N [email protected] -p 12345

-D ::: Enables dynamic port forwarding, also known as a SOCKS proxy.
8080 is the binding port
-C ::: Enables compression
-N ::: Enables quiet mode
user ::: your windows server username ::: Your AWS server
-p ::: Set ssh port
12345 ::: the port we want to connect to the AWS server so traffic is forwarded to the windows server

Activate Proxy on Mac

Settings -> Network -> (your network connection wifi/ethernet)


From the details screen, select Proxies menu item.

activate SOCKS proxy.
Server: localhost
port: 8080