== ssh port forwarding ==
-- Case 1.1. - Opening ssh forwarding tunnel from local host client1 to remote host host1 --
On host client1, launch the command:
where:
<client1_local_port> is the local port on host client1 on which ssh listens to perform port forwarding;
<host1_remote_port> is the port on remote host host1 to which the ssh-forwarded connection is to be redirected;
<host1user> is a user defined for ssh login on remote host host1;
<host1> is the remote host host1 where the ssh connection is to be forwarded.
One interesting application is to open an ssh tunnel via port forwarding in order to access a service running on the remote host from the local client, i.e.:
TCP port 3128 is the default port used by SQUID proxy to redirect http requests; in this way, I can set the browser on the local client to use localhost:3128 as its http proxy, while the browser requests sent to localhost:3128 are actually redirected to host1:3128; the ssh tunnel provides an encrypted channel through which web browser sessions are carried.
This is a common setup when you have, for example, a LAN firewall denying access to external networks or websites: in this way, if I have an external ssh server (host1) that is reachable through the LAN firewall, I can proxy web browser sessions through port 3128 on my local client, bypassing the LAN firewall restrictions.
Running
on the local client, you can actually see a TCP 3128 socket listening for incoming connections.
Other clients on the same LAN may even share the same network socket TCP:3128 on client1.
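A check for the listening socket described above, as an added example that is not part of the original page: ssh binds a forwarded port to loopback by default, and other LAN hosts can reach it only when it was opened with -g, GatewayPorts or a non-loopback bind address. The function names and the sample lines are constructed for this example, which assumes the column order printed by `ss -Htlnp`.

```sh
#!/bin/sh
# Added example (not from the original page): list forwarded ports opened by
# the ssh client that are reachable from other hosts on the network.

# exposed_ssh_listeners: reads `ss -Htlnp` style lines on stdin
# (State Recv-Q Send-Q Local Peer Process) and prints the local address of
# every LISTEN socket owned by an "ssh" process that is not bound to loopback.
exposed_ssh_listeners() {
    awk '
        $1 != "LISTEN"             { next }   # listening sockets only
        $0 !~ /users:\(\("ssh"/    { next }   # ssh client only, not sshd
        {
            host = $4
            sub(/:[0-9]+$/, "", host)         # strip the trailing :port
            if (host ~ /^127\./ || host == "[::1]") next
            print $4                          # wildcard or LAN address
        }'
}

# Constructed sample: pid 4021 is a default (loopback) forward, pid 4188 was
# opened on all interfaces, pid 812 is the ssh daemon itself.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:3128 0.0.0.0:* users:(("ssh",pid=4021,fd=5))
LISTEN 0 128 [::1]:3128 [::]:* users:(("ssh",pid=4021,fd=4))
LISTEN 0 128 0.0.0.0:3129 0.0.0.0:* users:(("ssh",pid=4188,fd=5))
LISTEN 0 128 [::]:3129 [::]:* users:(("ssh",pid=4188,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
EOF
}

sample_ss_output | exposed_ssh_listeners
# On a live host: ss -Htlnp | exposed_ssh_listeners
```

Without root, `ss -p` shows process names only for the calling user's own sockets, so run the live check as the user who opened the tunnel or as root.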
-- Case 1.2. - Multi-hop ssh port forwarding --
SSH port forwarding can also be done in more complex setups; for example, you can use 'multiple hops' in order to reach the external server, i.e.:
== ssh reverse port forwarding ==
-- Case 2.1. - Single-hop reverse port forwarding --
First, the client machine establishes an ssh connection toward a remote host, thus creating an ssh tunnel; then from the remote host it is possible to establish a connection back to the client machine through the established tunnel.
Example:
on the client machine, on which we suppose an ssh server is locally running and listening on port 22:
where:
<host1_remote_port> is the port on the remote host host1 that we want to use in order to establish connections back to the client machine;
<host1user> is a user defined for ssh login on remote host host1;
<host1> is the remote host host1 where the ssh connection is to be forwarded.
Then, on the remote host host1 we establish a new connection back to the local client via:
where:
<client_user> is a user defined on the host <client>.
This trick is particularly useful whenever a way is needed to remotely connect to the machine <client> from outside the LAN, and this machine <client> is behind a firewall that denies connections from the outside.
-- Case 2.2. - Multi-hop reverse port forwarding --
With reverse port forwarding, a multi-hop reverse tunnel is also possible, i.e.:
on machine <client> we open an ssh reverse tunnel:
Then from <host3> let's connect back to <client>:
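
One way to write the forwarding commands for Cases 1.1, 2.1 and 2.2, as an added example rather than the original page's own commands. The function names, port 2222, the user host3user, the explicit 127.0.0.1 bind and the use of -J for the intermediate hops are assumptions of this example; the other placeholders follow the page's naming.

```sh
#!/bin/sh
# Added example, not from the original page: prints the ssh command line for
# a local (-L) or reverse (-R) forward after validating the ports.

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_cmd MODE LISTEN_PORT TARGET_PORT USER@HOST [JUMP_HOSTS]
#   MODE L: listener on the local client, target port on the remote host.
#   MODE R: listener on the remote host, target port on the client.
#   JUMP_HOSTS: optional comma-separated intermediate hosts (multi-hop).
forward_cmd() {
    mode=$1 listen=$2 target=$3 dest=$4 jump=${5:-}
    case "$mode" in
        L|R) ;;
        *) echo "mode must be L or R" >&2; return 2 ;;
    esac
    if ! valid_port "$listen" || ! valid_port "$target"; then
        echo "ports must be integers in 1..65535" >&2
        return 2
    fi
    # -N: forward only, run no remote command.
    # ExitOnForwardFailure: exit instead of continuing without the listener.
    set -- ssh -N -o ExitOnForwardFailure=yes
    if [ -n "$jump" ]; then set -- "$@" -J "$jump"; fi
    # Explicit 127.0.0.1 keeps the listener off the LAN-facing interfaces.
    printf '%s\n' "$* -$mode 127.0.0.1:$listen:localhost:$target $dest"
}

# connect_back_cmd PORT CLIENT_USER: run on the remote host; reaches the
# client's sshd through the reverse listener opened with MODE R.
connect_back_cmd() {
    valid_port "$1" || { echo "bad port" >&2; return 2; }
    printf 'ssh -p %s %s@localhost\n' "$1" "$2"
}

# Constructed values for illustration.
forward_cmd L 3128 3128 host1user@host1             # Case 1.1 (Squid proxy)
forward_cmd R 2222 22 host1user@host1               # Case 2.1, on the client
connect_back_cmd 2222 client_user                   # Case 2.1, on host1
forward_cmd R 2222 22 host3user@host3 host1,host2   # Case 2.2, on the client
```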