Tag Archives: tunneling

SSH Port Forwarding (SSH Tunneling)

http://www.linuxhorizon.ro/ssh-tunnel.html

Syntax:
ssh -L localport:host:hostport user@ssh_server -N
where:

-L – port forwarding parameters (see below)
localport – local port (chose a port that is not in use by other service)
host – server that has the port (hostport) that you want to forward
hostport – remote port

-N – do not execute a remote command, (you will not have the shell, see below)
user – user that have ssh access to the ssh server (computer)
ssh_server – the ssh server that will be used for forwarding/tunneling

Without the -N option you will have not only the forwarding port but also the remote shell. Try with and without it to see the difference.

Note:
1. Privileged ports (localport lower then 1024) can only be forwarded by root.
2. In the ssh line you can use multiple -L like in the example…
3. Of course, you must have ssh user access on secure_computer and moreover
the secure computer must have access to host:hostport
4. Some ssh servers do not allow port forwarding (tunneling). See the sshd man
pages for more about port forwarding (the AllowTcpForwarding keyword is set to
NO in sshd_config file, by default is set to YES)…

Example:
ssh -L 4443:10.0.0.138:80 user@example.org -N
ssh -L 8888:www.linuxhorizon.ro:80 user@computer -N
ssh -L 8888:www.linuxhorizon.ro:80 -L 110:mail.linuxhorizon.ro:110 25:mail.linuxhorizon.ro:25 user@computer -N

The second example (see above) show you how to setup your ssh tunnel for web, pop3
and smtp. It is useful to recive/send your e-mails when you don’t have direct access
to the mail server.

For the ASCII art and lynx browser fans here is illustrated the first example:

   +----------+<--port 22-->+----------+<--port 80-->o-----------+ 
   |SSH Client|-------------|ssh_server|-------------|   host    | 
   +----------+             +----------+             o-----------+ 
  localhost:8888              computer      www.linuxhorizon.ro:80 

Open your browser and go to http://localhost:8888 to see if your tunnel is working.