SSH port forwarding

Hello,
I need help with SSH port forwarding. I need to create an SSH port forward, but I don't understand how.
I'll describe my case. I have one server in my local network (192.168.20.21) and I need to create access to the Oracle database on port 1521 on a remote server via a jump server (84.235.50.16). I was reading about SSH port forwarding, but I didn't understand how to create local (with the -L option) and remote (with the -R option) forwards. I want to forward all connections that come in on port 1152 on my local host to the remote server on port 1521, but via the jump server.

Also, do I need to do something with SSH keys when I create SSH port forwarding via the jump server?
Can anybody explain this to me, please?

Hello,

Essentially, the idea with SSH port forwarding is that you use the host that you SSH into as a kind of connectivity bridge, linking up your local computer in some fashion with the network available to the remote computer. Using local port forwarding you are able to use a port on your local computer to connect to a service running on the remote network; or using remote forwarding, you can enable hosts on the remote end to connect to services on your computer via a port that is opened on the host you are SSH'd into.

That's the basic idea, anyway. So in your scenario, it sounds like you want to use local port forwarding, thus allowing you to connect to port 1152 on your local machine, and to have those packets forwarded to port 1521 on a remote machine. This will work so long as from the SSH host you are able to connect to port 1521 on the database server. If the host you are SSH'ing into cannot directly connect to port 1521 on the DB box, then attempts to forward the connections from your local machine to the remote one will not succeed.

The syntax you would be looking for would be something along the lines of:

ssh -L 1152:<IP address of the Oracle box at the remote end>:1521 <the rest of your normal SSH options go here>

So for example, if I wished to SSH into a host called ssh-gateway and use it to forward connections from port 8080 on my local machine to port 80 on a Web server with an IP of 192.168.0.1 (which would need to be accessible from the ssh-gateway host for this to work), I would type:

ssh -L 8080:192.168.0.1:80 user@ssh-gateway

and that would do the trick. I could now visit http://127.0.0.1:8080 in a Web browser running on my local machine, and in reality I would find myself effectively talking to port 80 on 192.168.0.1 on the remote end, and be able to use Web sites hosted on it as if I was directly accessing them from ssh-gateway.

Again, this all depends on 192.168.0.1:80 being accessible from the host ssh-gateway - if it is, then this will work. If it is not, then this will just silently fail to produce any usable results.

Hope this helps! If any part of the above is unclear or if you have any further questions, please let us know and we can take things from there.

4 Likes

Thank you @drysdalk. It's clearer now. I have one more question, please. Is it obligatory to copy the SSH public key to one of these servers, ssh-gateway or 192.168.0.1, or can I establish SSH port forwarding without copying the SSH .pub keys? That is the part I didn't understand well, so I would like an explanation, if you have enough time of course. Thank you.

Hello,

SSH keys are not a necessity for local or remote port forwarding, no. You absolutely can use them, but you do not have to. Forwarding works entirely independently of authentication. As long as you are able to log in to the remote server, and as long as the remote server is configured to allow port forwarding (this can be disabled in the global SSH server configuration file), then you should find that you are able to make port forwarding work.

2 Likes
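The two conditions from the answers above (the jump server must allow forwarding, and the forward takes the form `-L localport:target:port`), as an added example that is not part of the thread. It assumes the jump server's settings are available as `sshd -T` output; the sample settings, the database name `oracle-db.example` and the login `user` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): gate the asker's -L forward on the
# jump server's sshd settings, then build the client command.

# Constructed samples of `sshd -T` output; oracle-db.example is a placeholder
# for the database address, which the thread does not give.
JUMP_CFG_OPEN='allowtcpforwarding yes
permitopen any'
JUMP_CFG_LOCKED='allowtcpforwarding local
permitopen oracle-db.example:1521'
JUMP_CFG_OFF='allowtcpforwarding no
permitopen any'

# local_forward_allowed HOST:PORT
# Reads "keyword value" lines on stdin; returns 0 if sshd would open that target.
local_forward_allowed() {
    awk -v target="$1" '
        BEGIN { fwd = "yes"; allow = "any" }   # sshd defaults when unset
        { key = tolower($1) }
        key == "allowtcpforwarding" { fwd = tolower($2) }
        key == "permitopen"         { $1 = ""; allow = $0 }
        END {
            # -L needs forwarding enabled for the "local" direction
            if (fwd != "yes" && fwd != "all" && fwd != "local") exit 1
            host = target; sub(/:[^:]*$/, "", host)
            n = split(allow, list, " ")
            for (i = 1; i <= n; i++)
                if (list[i] == "any" || list[i] == target || list[i] == (host ":*"))
                    exit 0
            exit 1                              # "none" or target not listed
        }'
}

# forward_command LOCAL_PORT HOST:PORT USER@JUMP
# Prints the ssh command; the listener is bound to loopback explicitly.
forward_command() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 2
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s %s\n' "$1" "$2" "$3"
}

# Demo with the thread's port numbers and jump host; "user" is a placeholder.
if printf '%s\n' "$JUMP_CFG_LOCKED" | local_forward_allowed oracle-db.example:1521; then
    forward_command 1152 oracle-db.example:1521 user@84.235.50.16
fi
```

`sshd -T` without `-C` reports the global settings only, so a `Match` block on the jump server can still change the result for a particular user.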

That's great. I appreciate your time. It's clearer now. Thank you for the explanation.

1 Like