SSH Port Forwarding – Remote Access behind firewall – a poor man’s VPN

March 18, 2009 | In Linux | 1 Comment

Problem
Needed a method to connect software via ssh on machine A to a firewalled machine C. I had ssh access to another machine behind the firewall, B. Did not want to use a VPN because I only want port 22 traffic to go through to work.

Solution
Forward port 2222 traffic on my machine (A) to port 22 of my work machine (B), which in turn connects to the server (C).

# ************** TUNNELING **********************
# ********* USE THESE 2 COMMANDS ****************
# route through boxB to serverC
# (port 2222 is unprivileged, so ssh does not need sudo here)
ssh -L 2222:serverC.com:22 boxB.com

# to connect to server C from boxA, ssh through 2222
ssh -p 2222 serverCusername@localhost

Restated:

Local to Remote forwarding
With local to remote forwarding, a connection to your machine is forwarded to the remote machine, and made from there. This allows you to access network resources as if you were the remote machine. A common use is to forward your SMTP connections so you can send emails from your normal server (e.g. when connected to a network which blocks port 25), e.g.:

ssh -L 2525:mailserver.myoffice.com:25 login.myoffice.com

will send all connections to port 2525 on your local machine over the ssh link to login.myoffice.com, which will then connect them to port 25 of mailserver.myoffice.com.

http://www.torchbox.com/blog/ssh_tips_1.html

See man ssh for the -L switch:

-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified with an alternative syntax: [bind_address/]port/host/hostport or by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.
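
The bind_address and privileged-port rules in the man page text above decide who else can reach the tunnel, so they are worth checking before a forward is started. The script below is an added example, not part of the original post or of OpenSSH: the function name classify_forward and its output format are made up for illustration, and it assumes a TCP forward (Unix-socket forwards are not handled).

```shell
#!/bin/sh
# Classify an ssh -L spec "[bind_address:]port:host:hostport" by who can
# reach the listening port and whether binding it needs the superuser.
classify_forward() (
    spec=$1
    # The alternative syntax uses "/" so IPv6 addresses need no brackets.
    case $spec in */*) sep=/ ;; *) sep=: ;; esac
    # Split on the separator, ignoring separators inside [brackets].
    fields=$(printf '%s\n' "$spec" | awk -v sep="$sep" '{
        out = ""; inb = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "[") { inb = 1; continue }
            if (c == "]") { inb = 0; continue }
            out = out ((c == sep && !inb) ? "|" : c)
        }
        print out
    }')
    set -f; IFS='|'          # no globbing: "*" is a valid bind_address
    set -- $fields
    case $# in
        3) bind='<none>'; port=$1; host=$2; hostport=$3 ;;
        4) bind=$1;       port=$2; host=$3; hostport=$4 ;;
        *) echo "invalid spec: $spec" >&2; exit 1 ;;
    esac
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; exit 1 ;; esac
    case $bind in
        '<none>')                exposure=follows-GatewayPorts ;;
        ''|'*')                  exposure=all-interfaces ;;
        localhost|127.0.0.1|::1) exposure=local-only ;;
        *)                       exposure=single-address ;;
    esac
    # Ports below 1024 are privileged: only the superuser can forward them.
    if [ "$port" -lt 1024 ]; then root=yes; else root=no; fi
    echo "exposure=$exposure port=$port needs_root=$root host=$host hostport=$hostport"
)

# Constructed sample specs, using the host names from this post.
for s in 2222:serverC.com:22 'localhost:2222:serverC.com:22' \
         '*:2525:mailserver.myoffice.com:25' ':25:mailserver.myoffice.com:25'; do
    classify_forward "$s"
done
```

Any spec reported as all-interfaces lets other hosts on your network connect through the tunnel; writing the forward as localhost:2222:serverC.com:22 keeps it local regardless of the GatewayPorts setting.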


Gare Calhoun