Shell Programming and Scripting

I have a process running on my local server.

http://dev.techx.com:6060/proct

I wish to block port 6060 and expose port 7777 to the outside world.

I block port 6060 and open port 7777 on the firewall.

What should be the PuTTY Settings -> Connection -> SSH -> Tunnels

1. Destination
2. Source port

entries so that i can access the URL using this URL: http://dev.techx.com:7777/proct

Please suggest.

Hi,

Apologies if I'm mis-understanding you here, but I don't think SSH tunneling is quite what you're looking for here. In general, the purpose of SSH tunneling is to map some port on your own local workstation (the system on which the SSH client is running) to some other IP address and/or port on the remote side of the connection (the end on which the SSH server is running).

So, one example (and something I often used to do). Let's say you have an SSH account on unix.acme.com, which is externally accessible via SSH from the Internet. On that same network there is another host, let's say a Windows server called windows.acme.com. You want to RDP into windows.acme.com, but it doesn't have port 3389 (the RDP port) open to the outside world.

One thing you could do in that situation is use an SSH tunnel. So, from your own system (which is neither unix.acme.com nor windows.acme.com, but is something entirely different) you set up an SSH connection to unix.acme.com with a tunnel configured to re-direct, let's say port 3900 on your own local machine to port 3389 on windows.acme.com. You choose 3900 in case there is already something running port 3389 on your own local machine, which if it is typical Windows PC there very well may be (its own RDP listener). You can then RDP to localhost:3900, and your connection is transparently passed through to port 3389 on windows.acme.com, giving you a graphical login session there.

Now the situation you describe is somewhat different. You want to actually re-present to the outside world a service which is running on one port, on to another different port. That's not what SSH tunneling can really be used for. It can only really "connect" a TCP port on your local machine, on which your SSH client is running, to another TCP port either on the remote server or another server to which it has access on its own local network. You are the only one who will ever be able to use the tunnel, as it will exist solely on your own local PC. No-one would ever be able to then use the same port externally to get the service at the remote end in another way.

I hope this makes sense. If I've mis-understood something then I apologise, and if you can explain a bit more about why you feel SSH tunneling is the best solution here for you then I can have another crack at helping you out.

Edit: in terms of an actual solution, this is more a job for the firewall. Firewalls generally offer a way to translate incoming connections on one IP and/or port to another address and/or port. Either that, or just configure the service on dev.techx.com to listen on a different port, or multiple ports.

What drysdalk is describing as a firewall function is usually called a NAT - network address translator.

Perhaps if you explained the problem you are trying to solve with ssh tunneling we can give a better answer.

And no, don't say "open port 777". Tell us what you are trying to accomplish by moving these ports around.