SSH Port Forwarding

SSH port forwarding, or TCP/IP connection tunneling, is a process whereby a TCP/IP connection that would otherwise be insecure is tunneled through a secure SSH link, thus protecting the tunneled connection from network attacks.

In other words, port forwarding, or tunneling, is a way to forward insecure TCP traffic through SSH Secure Shell.

There are two kinds of port forwarding:

1. Local port forwarding and

2. Remote port forwarding

They are also called outgoing and incoming tunnels, respectively.

Syntax:

Local port forwarding :

ssh SSHHOST -L LPORT:RHOST:RPORT

[You can use SSHHOST and RHOST as same or different]

Remote port forwarding :

ssh SSHHOST -R RPORT:LIP:LPORT

Example for local port forwarding:

Aim : Access a service (in this example SSH port tcp/22, but it could be anything like a web server on tcp/80) on machine “YY.YY.YY.YY”

From your shell type:

ssh root@XX.XX.XX.XX -L 10000:YY.YY.YY.YY:22

Then, from your local machine, you should be able to connect to YY.YY.YY.YY by

ssh root@localhost -p 10000

Example for Remote Port Forwarding:

Aim : Access a service in your home machine from your office (in this example SSH port tcp/22, but it could be anything like a web server on tcp/80)

From your machine at home type following:

ssh root@server1SSHHOST.COM -R 10000:192.168.1.19:22

Then SSH to the server “server1SSHHOST.COM” from your machine at office and type following.

ssh root@localhost -p 10000

Note : Don’t forget to open necessary ports on any firewall either at home or work.

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: