Using Public URL to access webpages on local network

I have a remote device running across the country using a 4G wifi dongle for connectivity. I need to remotely access the Web interface of this Wifi Dongle to edit some settings.

I have been attempting to use SSH port forwarding to allow me to access the web dashboard over my Balena device’s Public URL. However, I am not sure exactly how to achieve the intended result.

Here is a diagram of how I pictured this working.

When I tried to use the command ssh -L 80: localhost I received the error ssh: connect to host localhost port 22: Connection refused

Is this a viable option for accessing my router settings page?


Hello @gregorr1
Are you using a Development image or a Production image on your Balena device? i.e. can you ssh directly to the device on port 22222 ?

Hi Mark,

It’s a production image on the balena device. It is currently deployed on a site across the country from our offices.


Off the top of my head (no guarantees) you could try something like this…

In your first console: balena tunnel <short-uuid> -p22222 (tunnels local port 22222 to port 22222 on your balena device).

In your seconds console: ssh -p22222 -R 80:<your-router-IP>:80 root@localhost (set up a remote port forward on the balena device to divert all port 80 traffic to port 80 on your router).

In your third console: ssh -p22222 -L 8080:localhost:80 root@localhost (set up a local port forward to divert all traffic to localhost:8080 to balena device port 80).
Point your web browser at http://localhost:8080

I’m not 100% confident but I will give it a try on a device in our office to test it.

I will let you know how I get on.


Hi @markcorbinuk

Trying this from my command line on my windows PC, is that correct?

This is as far as I got before I got an error:

Should I be running the second command on the devices terminal?


Looks like you have 2222 (4 twos) in the first command and 22222 (5 twos) in the second. They should both be 22222 (five twos). All commands are run on your PC terminal like you are doing.

Oops! My bad. Tried it again with the correct number of twos.

Made it this far:

You need to generate an ssh key and add it to the balena dashboard. See here for details.

I didn’t realise, sorry - I’ll add that just now and try again! :slight_smile:

Hi @markcorbinuk

I’ve been trying to add the ssh keys to my account.

I’ve added the key to my balena account and added the id_rsa key to the ssh-agent on my pc, but I’m still receiving the same permission denied error.

Are there any other steps I need to take?

Hi @gregorr1

Thanks for reaching out. A couple of things we can try to investigate the SSH permission issue:

  • Check the following to make sure the key is in-fact rightly loaded (or is the right key): Error: Permission denied (publickey) - GitHub Docs
  • Another thing is to run ssh with verbose option -v.i.e. ssh -vT . Check the output, if need be send the output across and we can take a look as to what is causing the issue.


Hi @nitish,

I can successfully authenticate with github using the ssh -vT command. I have imported all of my keys from github to my balena account, so they should be the same.

As for running the ssh command with verbose option, the following is the output.


Hello @gregorr1

I have spoken to our balena cli developers about the permissions and it seems that you need to use your balenaCloud username instead of root, e.g.

balena tunnel <short-uuid> -p22222
ssh -p22222 -R 80:<your-router-IP>:80 <cloud-username>@localhost
ssh -p22222 -L 8080:localhost:80 <cloud-username>@localhost
Point your web browser at http://localhost:8080

Thanks for the reply @markcorbinuk.

This has got me a bit further, and I now have root on the balena device. However, the third command fails with the following error.


You need to run the 3rd command from a Windows console and not on the device.

Ahh gotcha.

Tried that and its now working!! :smiley:

I just want to check, how do I stop the port forwarding once I’m finished?

Thanks for the help.

Just exit or Ctrl-D from each of the root@<uuid> shells. Alternatively you could add -N to each ssh command so that they don’t open a shell on the device - then you would just use Ctrl-C to terminate each port forward.

Brilliant. Thank you very much for the help :slight_smile:

No problem.