I feel confused about ssh port forwarding and the difference between ssh local and remote port forwarding. Could you please explain them in detail and with examples? Thanks!
Answers:
Method 1
I have drawn some sketches


Introduction
1. local:
-L Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
ssh -L sourcePort:forwardToHost:onPort connectToHost
means: connect with ssh to connectToHost, and forward all connection attempts to the local sourcePort to port onPort on the machine called forwardToHost, which can be reached from the connectToHost machine.
2. remote:
-R Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.
ssh -R sourcePort:forwardToHost:onPort connectToHost
means: connect with ssh to connectToHost, and forward all connection attempts to the remote sourcePort to port onPort on the machine called forwardToHost, which can be reached from your local machine.
Examples
Example for 1
ssh -L 80:localhost:80 SUPERSERVER
You specify that a connection made to the local port 80 is to be forwarded to port 80 on SUPERSERVER. That means if someone connects to your computer with a web browser, he gets the response of the webserver running on SUPERSERVER. You, on your local machine, have no webserver running.
Example for 2
ssh -R 80:localhost:80 tinyserver
You specify that a connection made to port 80 of tinyserver is to be forwarded to port 80 on your local machine. That means if someone connects to the small and slow server with a web browser, he gets the response of the webserver running on your local machine. The tinyserver, which does not have enough disk space for the big website, has no webserver running. But people connecting to tinyserver think so.
More examples
Other things could be: The powerful machine has five webservers running on five different ports. If a user connects to one of the five tinyservers at port 80 with his web browser, the request is redirected to the corresponding webserver running on the powerful machine. That would be
ssh -R 80:localhost:30180 tinyserver1
ssh -R 80:localhost:30280 tinyserver2
etc.
Or maybe your machine is only the connection between the powerful and the small servers. Then it would be (for one of the tinyservers that pretend to have their own webservers):
ssh -R 80:SUPERSERVER:30180 tinyserver1
ssh -R 80:SUPERSERVER:30280 tinyserver2
etc.
Method 2
Local Port forwarding
ssh creates an additional local port which it will forward to a port on the remote system.
example
ssh -L 8080:127.0.0.1:80 user@webserver
Then, in your browser on the local machine, use the URL http://localhost:8080/
It will connect to the local machine’s port 8080, which ssh will forward on to the remote ssh, and it will then make a request to 127.0.0.1:80. Note 127.0.0.1 is actually the remote server’s localhost, but it could have been a host/IP available at the remote machine’s network.
Remote forward
Asks ssh to create a listening port on the remote machine which it will forward back (Reverse) to the local ssh to forward on.
ssh -R 10123:127.0.0.1:123 user@webserver
So, after ssh connects to webserver, the remote ssh creates and listens on port 10123. When a process on webserver connects to 10123, ssh will pick it up and send it back to the local machine’s ssh, which sends it on to port 127.0.0.1:123.
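The following is an added example, not part of either answer: a small shell function that takes the forwarding specs used above and reports which side listens, which side opens the onward connection, whether the listener is loopback-only, and whether the listening port needs root. The function name and output fields are made up for illustration, and it assumes hostnames or IPv4 addresses only.

```shell
#!/bin/sh
# Added example (not from the original answers): explain an ssh -L / -R spec.
# Usage: explain_forward L|R [bind_address:]port:host:hostport
# Assumption: hostnames or IPv4 only (no bracketed IPv6, no Unix sockets).
explain_forward() {
    mode=$1 spec=$2
    case $spec in *:*:*) ;; *) echo "error: need port:host:hostport" >&2; return 2 ;; esac
    # Peel fields off the right so an optional bind_address stays on the left.
    dport=${spec##*:}; rest=${spec%:*}
    dhost=${rest##*:}; rest=${rest%:*}
    case $rest in
        *:*) bind=${rest%%:*}; lport=${rest#*:}; [ -n "$bind" ] || bind='*' ;;
        *)   bind=default; lport=$rest ;;
    esac
    for p in "$lport" "$dport"; do
        case $p in ''|*[!0-9]*) echo "error: bad port '$p'" >&2; return 2 ;; esac
    done
    # -L: the client listens, the server opens the connection to host:hostport.
    # -R: the server listens, the client opens the connection to host:hostport.
    case $mode in
        L) listener=client; connector=server ;;
        R) listener=server; connector=client ;;
        *) echo "error: mode must be L or R" >&2; return 2 ;;
    esac
    # Without a bind_address the listener is loopback-only by default. A wider
    # bind on -R only takes effect if sshd_config enables GatewayPorts.
    case $bind in
        default|localhost|127.0.0.1) exposure=loopback-only ;;
        *) exposure=network-reachable ;;
    esac
    # Ports below 1024 need root on whichever side listens.
    if [ "$lport" -lt 1024 ]; then root=yes; else root=no; fi
    echo "listen=$listener:$lport exposure=$exposure dest=$dhost:$dport resolved-by=$connector needs-root=$root"
}

# Specs taken from the answers above, plus one constructed wildcard bind.
explain_forward L 80:localhost:80
explain_forward L 8080:127.0.0.1:80
explain_forward R 10123:127.0.0.1:123
explain_forward R '*:80:SUPERSERVER:30180'   # constructed: all-interfaces bind
```

When auditing a host, the `exposure` and `needs-root` fields are the ones to check first: a forward with no bind address is reachable only from the listening machine itself unless GatewayPorts has been changed.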
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.