I’m stuck at connecting to my SearchGuard-protected ElasticSearch instance inside the company network from my local machine at home. I’m using a local SSH forward, the same as I got working for a phpMyAdmin instance.
My ~/.ssh/config contains these:
Host workstation-forward-phpmyadmin
    LocalForward localhost:8080 $WORKSTATION:443
    HostKeyAlias $GATEWAY
    Hostname $GATEWAY
    ExitOnForwardFailure yes
    User oschluet

Host workstation-forward-elasticsearch
    LocalForward localhost:9200 $WORKSTATION:9200
    HostKeyAlias $GATEWAY
    Hostname $GATEWAY
    ExitOnForwardFailure yes
    User oschluet
I engage these in a screen session like so: ssh workstation-forward-elasticsearch or ssh workstation-forward-phpmyadmin, and detach the screen.
Now I can access the phpMyAdmin through my browser by accessing https://localhost:8080 or use telnet to talk to the web server directly.
Unfortunately there seems to be an issue with ElasticSearch in this regard. From a different machine inside the company network I can access the ElasticSearch like this:
oschluet@ravenwood:~$ curl -k https://$WORKSTATION:9200 --user $user:$pass
{
  "name" : "redacted",
  "cluster_name" : "redacted",
  "cluster_uuid" : "redacted",
  "version" : {
    "number" : "5.1.1",
    "build_hash" : "5395e21",
    "build_date" : "2016-12-06T12:36:15.409Z",
    "build_snapshot" : false,
    "lucene_version" : "6.3.0"
  },
  "tagline" : "You Know, for Search"
}
Using the same credentials locally yields nothing:
[oschlueter@B5400 ~]$ curl -k https://localhost:9200 --user $user:$pass
# nothing happens
Using no credentials:
oschluet@ravenwood:~$ curl -k https://$WORKSTATION:9200
Unauthorized
[oschlueter@B5400 ~]$ curl -k https://localhost:9200
# again nothing
However telnet opens a connection:
[oschlueter@B5400 ~]$ telnet localhost 9200
Trying ::1...
Connected to localhost.
Escape character is '^]'.
I tried having ElasticSearch listen on the IP address, the hostname and 0.0.0.0, which all allowed me to connect from the other machine inside the network; however, no connection from my local machine could be established. I’m admin of $WORKSTATION and of my local machine. Could anyone help me locate the issue please?