== ssh port forwarding ==
-- Case 1.1. - Opening ssh forwarding tunnel from local host client1 to remote host host1 --
on host client1, launch the command:
<client1> # ssh -t -L <client1_local_port>:localhost:<host1_remote_port> <host1user>@<host1>
where:
<client1_local_port> is the port on which ssh listens on client1 (bound to 127.0.0.1 by default); connections to it are carried through the tunnel;
<host1_remote_port> is the port on the remote host host1 to which the forwarded connection is delivered; note that the "localhost" in the -L specification is resolved by sshd on host1, so it means host1's own loopback, not client1;
<host1user> is a user defined for ssh login on remote host host1;
<host1> is the remote host that terminates the ssh tunnel.
The -t option forces a terminal allocation, so you get an interactive shell on host1 alongside the forward; if you only want the tunnel, use -N instead (and -f to send ssh to the background once authenticated).
One interesting application is to use port forwarding to access, from the local client, a service running on the remote host, for example:
<client1> # ssh -t -L 3128:localhost:3128 myuser@host1
TCP port 3128 is the default port on which the Squid proxy accepts HTTP requests. With this tunnel in place I can configure the browser on the local client to use localhost:3128 as its HTTP proxy: requests to localhost:3128 travel through the ssh connection and are delivered to Squid on host1:3128. The browser sessions are encrypted only between client1 and host1; from host1 onward Squid talks to the web servers as it normally would, so the tunnel protects the LAN leg, not the whole path.
This is a common setup when, for example, a LAN firewall denies access to external networks or websites: if an external ssh server (host1) is reachable through the LAN firewall, I can proxy web browser sessions through port 3128 on my local client, bypassing the firewall restrictions. Since host1 sees the proxied traffic in clear, it has to be a host you trust.
Running
<client1> # netstat -ant | grep 3128
on the local client you can actually see a TCP socket listening on 127.0.0.1:3128 for incoming connections.
By default the forwarded port is bound to the loopback address, so only processes on client1 can use it. To let other clients on the same LAN share the forward, the listener must be bound explicitly to a reachable address (-L 0.0.0.0:3128:localhost:3128, or the -g option); bear in mind that anyone who can reach that socket then proxies through your ssh session, so either restrict it with a host firewall rule or leave it on loopback.
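As an added example (not from the original page), the following POSIX shell script wraps the Case 1.1 forward and the netstat check above: open_forward starts the tunnel in the background with an explicit loopback bind, and listener_bind_state reads netstat -ant or ss -ltn output and reports whether the forwarded port is on loopback only, exposed on another address, or absent. The netstat excerpts are constructed for illustration, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the original page: open the Case 1.1 forward
# and audit where the resulting listener is bound.

# open_forward LOCAL_PORT REMOTE_PORT USER@HOST
# -f backgrounds ssh once authenticated, -N runs no remote command.
# 127.0.0.1 is the default bind address anyway; naming it keeps the
# listener off the LAN even if a config file sets GatewayPorts yes.
open_forward() {
    ssh -f -N -L "127.0.0.1:$1:localhost:$2" "$3"
}

# listener_bind_state PORT   (socket listing on stdin)
# Accepts `netstat -ant` or `ss -ltn` output; in both the local address is
# the 4th column. Prints "loopback" if every LISTEN socket on PORT is on a
# loopback address, "exposed" if any is on another address, "none" if
# nothing listens on PORT.
listener_bind_state() {
    port=$1
    state=none
    # read splits on whitespace without glob-expanding fields like 0.0.0.0:*
    while read -r f1 f2 f3 local_addr rest; do
        case "$f1 $rest" in
            *LISTEN*) ;;
            *) continue ;;
        esac
        [ "${local_addr##*:}" = "$port" ] || continue
        case ${local_addr%:*} in
            127.*|::1|'[::1]'|localhost)
                [ "$state" = exposed ] || state=loopback ;;
            *)
                state=exposed ;;
        esac
    done
    printf '%s\n' "$state"
}

# check_forward PORT: run the audit against the live socket table.
check_forward() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn | listener_bind_state "$1"
    else
        netstat -ant | listener_bind_state "$1"
    fi
}

# Constructed netstat -ant excerpts (not captured from a real host).
# Default -L binding: 3128 listens on loopback only.
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:3128       10.0.0.5:44512          ESTABLISHED'
# What -g or -L 0.0.0.0:3128:... produces: the forward is reachable from the LAN.
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp6       0      0 :::3128                 :::*                    LISTEN'

# demo: run the audit over the constructed samples.
demo() {
    printf 'loopback sample: %s\n' "$(printf '%s\n' "$SAMPLE_LOOPBACK" | listener_bind_state 3128)"
    printf 'exposed sample:  %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | listener_bind_state 3128)"
}
```

Source the file and run `open_forward 3128 3128 myuser@host1; check_forward 3128` after opening a real tunnel; the expected answer is "loopback". Anything else means the forward is reachable from beyond the client itself.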
-- Case 1.2. - Multi-hop ssh port forwarding --
SSH port forwarding can also be done in more complex setups; for example, you can use multiple hops in order to reach the external server:
<client1> # ssh -t -L <client_local_port>:localhost:<remote_port_host1> <user1>@<host1> ssh -t -L <remote_port_host1>:localhost:<remote_port_host2> <user2>@<host2> ssh -t -N -L <remote_port_host2>:localhost:<remote_port_host3> <user3>@<host3>
Each ssh after the first runs as the remote command of the previous one: host1 listens on its own loopback port <remote_port_host1> and forwards to host2, host2 listens on <remote_port_host2> and forwards to host3, and so on. Only the last ssh takes -N, because it has no further command to run. You need an account on every hop, and each intermediate port is reachable by anyone logged in on that hop. On recent OpenSSH (7.3 and later) the ProxyJump option (-J) gives the same result without any intermediate listening ports.
== ssh reverse port forwarding ==
-- Case 2.1. - Single-hop reverse port forwarding --
First, the client machine establishes an ssh connection toward a remote host and asks it to open a listening port; then, from the remote host, it is possible to connect back to the client machine through that port, inside the established tunnel.
Example:
on the client machine, on which we suppose an ssh server is locally running and listening on port 22:
<client> # ssh -t -R <host1_remote_port>:localhost:22 <host1user>@<host1>
where:
<host1_remote_port> is the port that sshd on host1 opens (on host1's loopback address, by default) and that we want to use to establish connections back to the client machine;
<host1user> is a user defined for ssh login on remote host host1;
<host1> is the remote host that terminates the ssh tunnel.
Then, on the remote host host1 we establish a new connection back to local client via:
<host1> # ssh -p <host1_remote_port> <client_user>@localhost
where:
<client_user> is a user defined on the host <client>.
This trick is particularly useful whenever a way is needed to remotely connect to the machine <client> from outside the LAN, and <client> is behind a firewall that denies connections from the outside. Keep in mind that the reverse listener on host1 is bound to host1's loopback by default (the GatewayPorts setting of host1's sshd controls whether it may be bound to other addresses), so every account on host1 can reach the client's sshd through it: host1 has to be a trusted machine, and the client should accept key-based logins only.
-- Case 2.2. - Multi-hop reverse port forwarding --
A multi-hop reverse tunnel is also possible. On machine <client> we open the reverse tunnel (a single command, broken across three lines here for readability; each ssh after the first runs as the remote command of the previous one):
<client> # ssh -t -R <host1_remote_port>:localhost:22 <user1>@<host1>
ssh -t -R <host2_remote_port>:localhost:<host1_remote_port> <user2>@<host2>
ssh -t -N -R <host3_remote_port>:localhost:<host2_remote_port> <user3>@<host3>
This opens <host1_remote_port> on host1's loopback pointing back at the client's sshd, then from host1 opens <host2_remote_port> on host2 pointing at that port, and finally <host3_remote_port> on host3 pointing at host2's port.
Then from <host3> let's connect back to <client>:
<host3> # ssh -p <host3_remote_port> <client_user>@localhost
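The nested one-liners of Case 1.2 and Case 2.2 are easy to get wrong once there are more than two hops, so here is an added example (not from the original page) that generates them for any number of hops from a list of user@host:port specs, where port is the loopback port that hop listens on (in forward mode, the last hop's port is the target service). It also produces the ProxyJump equivalent, which relays through the intermediate hosts without opening any port on them. The host names u1@h1, u2@h2, u3@h3 and the port numbers are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original page: build the multi-hop
# forward (Case 1.2) and reverse (Case 2.2) chains for any number of hops,
# so the nesting can be inspected before it is run.
# Hop spec: user@host:port. Bracketed IPv6 hosts are not handled by the
# simple ${hop##*:} split.

# forward_chain LOCAL_PORT HOP...   -> Case 1.2 command line
# Every ssh after the first is the remote command of the previous one;
# only the last gets -N, the others must run a further ssh.
forward_chain() {
    listen=$1; shift
    cmd=""
    while [ $# -gt 0 ]; do
        hop=$1; shift
        userhost=${hop%:*}
        port=${hop##*:}
        if [ $# -eq 0 ]; then flags="-t -N"; else flags="-t"; fi
        cmd="${cmd:+$cmd }ssh $flags -L $listen:localhost:$port $userhost"
        listen=$port
    done
    printf '%s\n' "$cmd"
}

# reverse_chain LOCAL_SERVICE_PORT HOP...   -> Case 2.2 command line
# Each hop's listener points back at the previous hop's listener, and the
# first one at the service (e.g. sshd on 22) on the machine running this.
reverse_chain() {
    target=$1; shift
    cmd=""
    while [ $# -gt 0 ]; do
        hop=$1; shift
        userhost=${hop%:*}
        port=${hop##*:}
        if [ $# -eq 0 ]; then flags="-t -N"; else flags="-t"; fi
        cmd="${cmd:+$cmd }ssh $flags -R $port:localhost:$target $userhost"
        target=$port
    done
    printf '%s\n' "$cmd"
}

# jump_chain -L|-R SPEC JUMPHOST... FINALHOST   -> ProxyJump equivalent
# With -J (OpenSSH 7.3+) the intermediate hosts only relay the ssh
# connection: no intermediate loopback ports, no shell on each hop, and
# the forwarding endpoint exists on the final host only.
jump_chain() {
    mode=$1; spec=$2; shift 2
    jumps=""
    while [ $# -gt 1 ]; do
        jumps="${jumps:+$jumps,}$1"; shift
    done
    printf 'ssh -N %s %s%s %s\n' "$mode" "$spec" "${jumps:+ -J $jumps}" "$1"
}

# demo: print the three-hop chains from the text with placeholder hosts.
demo() {
    forward_chain 8080 u1@h1:9001 u2@h2:9002 u3@h3:80
    reverse_chain 22 u1@h1:2201 u2@h2:2202 u3@h3:2203
    jump_chain -L 8080:localhost:80 u1@h1 u2@h2 u3@h3
    jump_chain -R 2203:localhost:22 u1@h1 u2@h2 u3@h3
}
```

A generated chain can be executed with eval "$(forward_chain ...)", which is acceptable here only because hop specs contain no shell metacharacters; the nested form still needs an account and a pseudo-terminal on every hop, and each intermediate port is bound on that hop's loopback, while the -J form needs only the accounts.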
Hope this helped a little.
see ya
fra