Totally stuck in ssh port forwarding


 
# 1  
Old 08-20-2012

Hello my friends, I am totally stuck in the ssh port forwarding topic.

I had learned iptables and other networking topics without any problem, but ssh port forwarding is a headache.

1. local port = what is this? Is this incoming traffic or outgoing traffic?
2. remote port = same as above
3. dynamic port = same as above

I know this topic is very easy, but seriously I am stuck in this topic.

I could not find any proper documentation on this topic on the internet; every topic that I found is not well documented, I mean the topics are not properly written or explained.

Any Help
Thanks
# 2  
Old 08-21-2012
== ssh port forwarding ==
-- Case 1.1. - Opening ssh forwarding tunnel from local host client1 to remote host host1 --
on host client1 launch command:

Code:
<client1> # ssh -t -L <client1_local_port>:localhost:<host1_remote_port> <host1user>@<host1>

where:
<client1_local_port> is the local port on host client1 listening to perform port forwarding;
<host1_remote_port> is the port on remote host host1 to which the ssh-forwarded connection is to be redirected;
<host1user> is a user defined for ssh login on remote host host1;
<host1> is the remote host host1 where the ssh connection is to be forwarded.

One interesting application is to open an ssh tunnel via port forwarding in order to access a service running on a remote host from the local client, i.e.:
Code:
<client1> # ssh -t -L 3128:localhost:3128 myuser@host1

TCP port 3128 is the default port used by SQUID proxy to redirect http requests; in this way, I can set my browser on local client to use localhost:3128 as http proxy, while actually redirecting browser requests to localhost:3128 toward host1:3128; the ssh tunnel provides an encrypted tunnel through which web browser sessions are channeled.
This is a common setup when you have, for example, a LAN firewall denying access to external networks or websites: in this way, if I have an external ssh server (host1) that is reachable through the LAN firewall, I can proxy web browser sessions through port 3128 on my local client, bypassing the LAN firewall restrictions.

Running
Code:
<client> # netstat -an

on the local client, you can actually see a TCP 3128 socket listening for incoming connections.

Other clients on the same LAN may even share the same network socket TCP:3128 on client1.

-- Case 1.2. - Multi-hop ssh port forwarding --

SSH port forwarding can also be done in more complex setups; for example, you can use 'multiple hops' in order to reach the external server, i.e.:

Code:
<client> # ssh -t -L <client_local_port>:localhost:<remote_port_host1> <user1>@<host1> ssh -t -L <remote_port_host1>:localhost:<remote_port_host2> <user2>@<host2> ssh -t -N -L <remote_port_host2>:localhost:<remote_port_host3> <user3>@<host3>



== ssh reverse port forwarding ==

-- Case 2.1. - Single-hop reverse port forwarding --
First, the client machine establishes an ssh tunnel toward a remote host, thus creating an ssh tunnel; then from the remote host it is possible to establish a connection toward the client machine through the established tunnel.

Example:
on the client machine, on which we suppose an ssh server is locally running and listening on port 22:
Code:
<client> # ssh -t -R <host1_remote_port>:localhost:22 <host1user>@<host1>

where:
<host1_remote_port> is the port on the remote host host1 that we want to use in order to establish connections back to the client machine;
<host1user> is a user defined for ssh login on remote host host1;
<host1> is the remote host host1 where the ssh connection is to be forwarded.

Then, on the remote host host1 we establish a new connection back to local client via:
Code:
<host1> # ssh -p <host1_remote_port> <client_user>@localhost

where:
<client_user> is a user defined on the host <client>

This trick is particularly useful whenever a way is needed to remotely connect to the machine <client> from outside the LAN, and this machine <client> is behind a firewall that denies connections from the outside.


-- Case 2.2. - Multi-hop reverse port forwarding --
In the reverse port forwarding a multi-hop reverse tunnel is also possible, i.e.:
on machine <client> we open a ssh reverse tunnel:
Code:
<client> # ssh -t -R <host1_remote_port>:localhost:22 <user1>@<host1> \
   ssh -t -R <host2_remote_port>:localhost:<host1_remote_port> <user2>@<host2> \
   ssh -t -N -R <host3_remote_port>:localhost:<host2_remote_port> <user3>@<host3>

Then from <host3> let's connect back to <client>:
Code:
<host3> # ssh -p <host3_remote_port> <client_user>@localhost


Hope this helped a little.
see ya
fra
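
An added example, not part of the original post: the netstat check described above turned into a filter that lists the listening sockets created by ssh forwarding, which side opened them, and whether each is bound to loopback only or reachable from the network. The function names, the sample lines (written in the format of `ss -H -tlnp`) and the assumption that the SSH daemon itself listens on port 22 are constructed for illustration.

```bash
# Added example: classify listening TCP sockets created by ssh forwarding.
# Input: lines in the format of `ss -H -tlnp` (Linux; run as root so the
# owning process name is shown).

# Constructed sample, not captured from a real host.
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 128 127.0.0.1:3128 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128 [::1]:3128 [::]:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128 0.0.0.0:1080 0.0.0.0:* users:(("ssh",pid=4300,fd=4))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("sshd",pid=5120,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=900,fd=6))
EOF
}

# classify_listeners [sshd_port]
# Prints: <kind> <exposure> <local address:port> <process>
#   kind      local-or-dynamic = opened by the ssh client (-L or -D)
#             remote           = opened by sshd for a client's -R request
#   exposure  loopback = only this host can connect
#             network  = other hosts can connect too
# sshd_port is the daemon's own port (assumed 22), which is not a forward.
classify_listeners() {
  awk -v dport="${1:-22}" '
    $1 == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":"); port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      # Owning process name: first quoted string after users:((
      if (!match($0, /users:\(\("[^"]+"/)) next
      proc = substr($0, RSTART + 9, RLENGTH - 10)
      if (proc == "ssh") kind = "local-or-dynamic"
      else if (proc ~ /^sshd/ && port != dport) kind = "remote"  # sshd or sshd-session
      else next
      exposure = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "network"
      print kind, exposure, addr, proc
    }'
}

# Stand-alone run on the constructed sample.
sample_ss_output | classify_listeners 22
```

On a live Linux host, pipe `ss -H -tlnp` into `classify_listeners` instead of the sample. A `network` row means the forwarded port accepts connections from other machines, which ssh only does when a non-loopback bind address, `-g` or `GatewayPorts` is in effect.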
# 3  
Old 08-21-2012
Now I understood

Local port forwarding is outgoing
remote port forwarding is incoming (to access client service)
dynamic port forwarding for SOCKS proxy

Very interesting topic above is "Multiple hop ssh forwarding"

Thank you very much .................. Frappa