Question

I'm developing an application which will use AWS's SNS service to receive notifications over HTTP.

As I am developing the application locally and have no control of our company firewall, I am attempting to tunnel HTTP connections from an external EC2 host to my local machine for the purposes of testing.

Everything looks fine when verifying the connection from the EC2 host itself, however the port is closed when examined externally.

My local application is on port 2222. I have executed the following command on my local machine to establish the proxy:

ssh -i myCredentials.pem ec2-user@myserver.com -R 2222:localhost:2222

Where myserver.com points to an EC2 instance. SSH'ing to the EC2 instance, I can successfully connect to my application via the tunnel, and nmap displays the following:

Nmap scan report for localhost (127.0.0.1)
Host is up (0.00055s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
2222/tcp open  EtherNet/IP-1

However when I run nmap against the EC2 instance from my local machine, the port is closed:

Nmap scan report for xxxxxx
Host is up (0.24s latency).
Not shown: 998 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
2222/tcp closed EtherNet/IP-1

The security group assigned to the server is allowing TCP traffic on port 2222 from 0.0.0.0/0, and iptables isn't running on the server.

What do I need to do on the EC2 end to make this port open to the outside world?


Solution

The tunnelling command is correct; however, in order for SSH to bind to the wildcard address, the following setting is required in /etc/ssh/sshd_config on the remote server:

GatewayPorts yes

Once this is added, restart sshd and the tunnelling will work as desired provided no firewalls are in the way.
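The following POSIX shell script is an added example and is not part of the original question or answer. It reproduces the logic behind the symptom above: sshd's GatewayPorts setting, not the ssh -R command line, decides whether a reverse forward listens on 127.0.0.1 (reachable only from the EC2 host itself, hence nmap on the instance sees 2222 open while the external scan gets an RST and reports "closed" rather than "filtered") or on 0.0.0.0. The helper names (gateway_ports_value, effective_bind, listener_scope), the sshd_config fragments and the ss-style listing are all my own constructed inputs, not output from the poster's instance.

```shell
#!/bin/sh
# Added example: how GatewayPorts decides the bind address of an `ssh -R`
# listener, and how to read the answer off `ss -ltn` on the SSH server.

# gateway_ports_value CONFIG_TEXT
# Prints the effective GatewayPorts keyword from sshd_config text. sshd takes
# the first occurrence; options inside a Match block are conditional, so we
# stop there and fall back to the documented default of "no".
gateway_ports_value() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }'
}

# effective_bind GATEWAY_PORTS REMOTE_SPEC
# REMOTE_SPEC is the argument to ssh -R, either port:host:hostport or
# bind_address:port:host:hostport. Prints the address sshd listens on.
effective_bind() {
    gp=$1
    spec=$2
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    if [ "$colons" -ge 3 ]; then
        bind=${spec%%:*}           # explicit bind_address given by the client
    else
        bind=localhost             # no bind_address: ssh defaults to loopback
    fi
    case $gp in
        yes)                       # server forces the wildcard address
            echo 0.0.0.0 ;;
        clientspecified)           # server honours the client's bind_address
            case $bind in
                localhost|127.0.0.1) echo 127.0.0.1 ;;
                ''|'*'|0.0.0.0)      echo 0.0.0.0 ;;
                *)                   echo "$bind" ;;
            esac ;;
        no|'')                     # default: loopback only, client bind ignored
            echo 127.0.0.1 ;;
        *)
            echo "unknown GatewayPorts value: $gp" >&2; return 1 ;;
    esac
}

# listener_scope PORT SS_OUTPUT
# Classifies the listener for PORT in `ss -ltn` output as wildcard, loopback
# or none. Column 4 is "Local Address:Port"; the first line is the header.
listener_scope() {
    printf '%s\n' "$2" | awk -v p="$1" '
        NR > 1 && $4 ~ (":" p "$") {
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
            else if (addr == "127.0.0.1" || addr == "[::1]")       loop = 1
        }
        END { if (wild) print "wildcard"; else if (loop) print "loopback"; else print "none" }'
}

# Constructed sshd_config fragments (not the poster's real configuration).
cfg_default='Port 22
#GatewayPorts no
PermitRootLogin no'
cfg_fixed='Port 22
GatewayPorts yes
PermitRootLogin no'

# Constructed `ss -ltn` listings for the EC2 host, before and after the fix.
ss_before='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*'
ss_after='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*'

spec='2222:localhost:2222'
echo "default sshd_config: -R $spec listens on $(effective_bind "$(gateway_ports_value "$cfg_default")" "$spec")"
echo "GatewayPorts yes:    -R $spec listens on $(effective_bind "$(gateway_ports_value "$cfg_fixed")" "$spec")"
echo "ss before fix: $(listener_scope 2222 "$ss_before")"
echo "ss after fix:  $(listener_scope 2222 "$ss_after")"
```

On the real instance the same two checks are `sudo sshd -T | grep -i gatewayports` (the effective value after the restart) and `ss -ltn` (which address 2222 is bound to). One caveat the answer does not spell out: `GatewayPorts yes` exposes every reverse forward opened by every user of that host, so `GatewayPorts clientspecified` together with an explicit `-R 0.0.0.0:2222:localhost:2222` is the narrower setting, and once the listener is on 0.0.0.0 the security group rule (here 0.0.0.0/0) is the only thing limiting who can reach the development application.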

Licensed under: CC-BY-SA with attribution