Linux Horizon

SSH Port Forwarding (SSH Tunneling)

Hacker Emblem
Sintax: 
ssh -L localport:host:hostport user@ssh_server -N 
where: 
-L - port forwarding parameters (see below) 
localport - local port (chose a port that is not in use by other service) 
host - server that has the port (hostport) that you want to forward 
hostport - remote port 
-N - do not execute a remote command, (you will not have the shell, see below) 
user - user that have ssh access to the ssh server (computer) 
ssh_server - the ssh server that will be used for forwarding/tunneling 

Without the -N option you will have not only the forwardig port but also the remote
 shell. Try with and without it to see the difference. 

Note: 
1. Privileged ports (localport lower then 1024) can only be forwarded by root. 
2. In the ssh line you can use multiple -L like in the example... 
3. Of course, you must have ssh user access on secure_computer and moreover 
   the secure computer must have access to host:hostport 
4. Some ssh servers do not allow port forwarding (tunneling). See the sshd man 
   pages for more about port forwarding (the AllowTcpForwarding keyword is set to 
   NO in sshd_config file, by default is set to YES)... 

Example: 
ssh -L 8888:www.linuxhorizon.ro:80 user@computer -N 
ssh -L 8888:www.linuxhorizon.ro:80 -L 110:mail.linuxhorizon.ro:110 \ 
25:mail.linuxhorizon.ro:25 user@computer -N 
The second example (see above) show you how to setup your ssh tunnel for web, pop3
and smtp. It is useful to recive/send your e-mails when you don't have direct access
to the mail server. 
  
For the ASCII art and lynx browser fans here is illustrated the first example: 

   +----------+<--port 22-->+----------+<--port 80-->o-----------+ 
   |SSH Client|-------------|ssh_server|-------------|   host    | 
   +----------+             +----------+             o-----------+ 
  localhost:8888              computer      www.linuxhorizon.ro:80 

...And finally: 
Open your browser and go to http://localhost:8888 to see if your tunnel is working. 
That's all folks! 
  

The SSH man pages say: 

-L port:host:hostport 
 Specifies that the given port on the local (client) host is to be 
 forwarded to the given host and port on the remote side.  This 
 works by allocating a socket to listen to port on the local side, 
 and whenever a connection is made to this port, the connection is 
 forwarded over the secure channel, and a connection is made to 
 host port hostport from the remote machine.  Port forwardings can 
 also be specified in the configuration file.  Only root can for- 
 ward privileged ports.  IPv6 addresses can be specified with an 
 alternative syntax: port/host/hostport 

-N Do not execute a remote command.  This is useful for just for- 
 warding ports (protocol version 2 only). 

If you need additional infos or Q&A please go to Contact Page for our e-mail addresses...

LiNUX Horizon it is a NetXpert Partner

LiNUX Horizon Main Page | LiNUX Horizon Online Shop | LiNUX Horizon Forum


No Banana Union - No Software Patents Say NO to software patents!

Valid XHTML 1.0! Valid CSS! Viewable With Any Browser