SSH Port Forwarding

Posted on December 13, 2010

0


Abstract

This is a mini write-up which explains about SSH Port forwarding. I find this hassle free port forwarding facility provided by SSH preety useful. This document here contains the details about the usage of it.

I sincerely hope, that this tutorial explains the SSH port forwarding upto your expectation. Feel free to contact me, to tell me you valuable comments about this article. You can find my email ID in contact-me section of this website.

Introduction

SSH port forwarding (also refered as SSH tunneling), is a way to forward insecure TCP traffic through SSH. POP3, SMTP, HTTP connections can be forwarded with SSH. There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively. Local port forwarding forwards traffic coming to a local port to a specified remote port. For example, all traffic coming to port 1234 on the client could be forwarded to port 23 on the server (host).

Hands on Port Forwarding

All the opinions presented here are my personal opinions and any trouble you might end up to by trying this out would not be my responsibility. So, please be responsible when trying out my ways.

Note that, I desire to forward proxy2.lnmiit.ac.in:3128 (Port 3128 is proxy-server port) as port 9898 on users.lnmiit.ac.in . So that, I can accessproxy2.lnmiit.ac.in:3128 as users.lnmiit.ac.in:9898

To do such a thing, please note that I need SSH access only on users.lnmiit.ac.in and SSH access on proxy2.lnmiit.ac.in is not required. Execute the following command on users.lnmiit.ac.in.

kuse@users.lnmiit.ac.in $ ssh -N -g -f -L 9898:proxy2.lnmiit.ac.in:3128 kuse@127.0.0.1

Let me explain the above command to you.

-N : Do not get shell after login. ie. do noting after login.
-g : Gateway
-f : Go to background after login
-L : Local Port forwarding

The commands means that, I need to forward port 3128 on proxy2.lnmiit.ac.in as port 9898 on 127.0.0.1 (In this case, users.lnmiit.ac.in). -N -f has been used so that the process goes in back-ground and do not get terminated on closing the session (original terminal connection to users.lnmiit.ac.in). -g has been used so that 9898 is bind on all the attached IPs or LAN Cards (Note that, you can have multiple LAN cards attached to your computer for having multiple Ips).

Advanced use of Port Forwarding in General

  • To give a secure access for services which are not SSL enabled (eg. HTTP, SMTP).
  • SSH port forwarding can act as a poor man’s VPN (Virtual Private Network).
  • Port forwarding in general can be used for load distribution in case of clusters (http://en.wikipedia.org/wiki/Load_balancing_%28computing%29). For your information, in another of our project we have used this very concept of port forwarding to build a load-balancer for clustering proxy-server. You can get details of implementation here.
Advertisements