-
-
Save Prototype-X/5bf22ea49eda5cb2c707edf18e83a80c to your computer and use it in GitHub Desktop.
ssh port forwarding cheatsheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# local port forwarding | |
# the target host 192.168.0.100 is running a service on port 8888 | |
# and you want that service available on the localhost port 7777 | |
ssh -L 7777:localhost:8888 user@192.168.0.100 | |
# remote port forwarding | |
# you are running a service on localhost port 9999 | |
# and you want that service available on the target host 192.168.0.100 port 12340 | |
ssh -R 12340:localhost:9999 user@192.168.0.100 | |
# Local proxy through remote host | |
# You want to route network traffic through a remote host target.host | |
# so you create a local socks proxy on port 12001 and configure the SOCKS5 settings to localhost:12001 | |
ssh -C2qTnN -D 12001 user@target.host | |
# How to use socks proxy | |
sudo apt install dante-client | |
nano /etc/dante.conf | |
# clients going anywhere else go via server listening at | |
# IP address 127.0.0.1, port 12001. Note that unless you have | |
# specified a direct connection for DNS, or the socksserver is resolvable | |
# without network traffic, you can't give a hostname for the socksserver, | |
# you must give a IP address. (the reasons for that are logical enough, | |
# you would create a loop otherwise.) | |
route { | |
from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 12001 | |
protocol: tcp udp # server supports tcp and udp. | |
proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5. | |
method: none #username # we are willing to authenticate via | |
# # method "none", not "username". | |
} | |
# test socks proxy | |
user@linux:~# socksify telnet 1.1.1.1 | |
user@linux:~# socksify ssh user@1.1.1.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment