You're on a jump box with access to an internal service that isn't directly reachable. Use chisel or socat to tunnel through and retrieve the flag from the internal endpoint.
