Skip to content

Instantly share code, notes, and snippets.

@RaVbaker

RaVbaker/readme.md

Last active October 23, 2019 15:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save RaVbaker/2254636 to your computer and use it in GitHub Desktop.
Save RaVbaker/2254636 to your computer and use it in GitHub Desktop.
Download ZIP
[HOWTO] Forward ports a.k.a. make SSH Tunneling
Raw
readme.md

Syntax:

ssh -L localport:host:hostport user@ssh_server -N

where:

  • -L - port forwarding parameters (see below)
  • localport - local port (chose a port that is not in use by other service)
  • host - server that has the port (hostport) that you want to forward
  • hostport - remote port
  • -N - do not execute a remote command, (you will not have the shell, see below)
  • user - user that have ssh access to the ssh server (computer)
  • ssh_server - the ssh server that will be used for forwarding/tunneling

Without the -N option you will have not only the forwardig port but also the remote shell. Try with and without it to see the difference.

Note:

  1. Privileged ports (localport lower then 1024) can only be forwarded by root.
  2. In the ssh line you can use multiple -L like in the example...
  3. Of course, you must have ssh user access on secure_computer and moreover the secure computer must have access to host:hostport
  4. Some ssh servers do not allow port forwarding (tunneling). See the sshd man pages for more about port forwarding (the AllowTcpForwarding keyword is set to NO in sshd_config file, by default is set to YES)...

Example:

ssh -L 8888:www.linuxhorizon.ro:80 user@computer -N 
ssh -L 8888:www.linuxhorizon.ro:80 -L 110:mail.linuxhorizon.ro:110 \ 
25:mail.linuxhorizon.ro:25 user@computer -N

The second example (see above) show you how to setup your ssh tunnel for web, pop3 and smtp. It is useful to recive/send your e-mails when you don't have direct access to the mail server.

For the ASCII art and lynx browser fans here is illustrated the first example:

   +----------+<--port 22-->+----------+<--port 80-->o-----------+ 
   |SSH Client|-------------|ssh_server|-------------|   host    | 
   +----------+             +----------+             o-----------+ 
  localhost:8888              computer      www.linuxhorizon.ro:80

...And finally: Open your browser and go to http://localhost:8888 to see if your tunnel is working. That's all folks!

The SSH man pages say:

-L port:host:hostport Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. Only root can for- ward privileged ports. IPv6 addresses can be specified with an alternative syntax: port/host/hostport

-N Do not execute a remote command. This is useful for just for- warding ports (protocol version 2 only).

If you need additional infos or Q&A please go to Contact Page for our e-mail addresses...

Source http://www.linuxhorizon.ro/ssh-tunnel.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment