GEEK: port forwarding example - Open Knowledge — LiveJournal

Jul. 3rd, 2007

10:08 am - GEEK: port forwarding example

For an explanation of the theory, see this article.

$ ssh -N -L 8000:discuss-test:80 vader

-N — Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).

-L [bind_address:]port:host:hostport — Specifies that the given port on the local host is to be forwarded to the given host and port on the remote side. (See example below.) This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.

For example:

-L 8000:discuss-test:80 vader

8000 — port on the local client to be forwarded to the given host and port on the remote side
discuss-test — remote host, as reached from vader
80 — port on the remote side
vader — intermediate server (the machine ssh connects to)
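
The optional bind_address in -L decides who can reach the forwarded port, so this added example (not part of the original post) parses a -L spec and reports whether the listener is loopback-only or reachable from other hosts. forward_exposure is a hypothetical helper name; it assumes the client's GatewayPorts setting is at its default of "no", numeric ports, and no Unix-socket forwards.

```sh
#!/bin/sh
# Added example (not from the original post): report which interfaces the
# local listener of an `ssh -L [bind_address:]port:host:hostport` forward
# will accept connections on.
# Assumptions: client GatewayPorts is at its default ("no"); numeric ports;
# Unix-socket forms of -L are not handled. forward_exposure is hypothetical.
# Usage: forward_exposure SPEC [g]    # pass "g" when -g is also given
forward_exposure() {
    spec=$1; gflag=${2:-}; bind=; has_bind=0
    # Mask [bracketed] IPv6 literals so their colons are not counted as separators.
    masked=$(printf '%s\n' "$spec" | sed 's/\[[^]]*]/X/g')
    colons=$(printf '%s' "$masked" | tr -cd ':')
    case ${#colons} in
        2) rest=$masked ;;                       # port:host:hostport
        3) has_bind=1                            # bind_address:port:host:hostport
           case $spec in
               \[*) bind=${spec%%\]*}; bind=${bind#\[} ;;
               *)   bind=${spec%%:*} ;;
           esac
           rest=${masked#*:} ;;
        *) echo invalid; return 1 ;;
    esac
    port=${rest%%:*}; hostport=${rest##*:}
    case "$port:$hostport" in
        :*|*:|*[!0-9:]*) echo invalid; return 1 ;;   # both ports must be numeric
    esac
    if [ "$has_bind" -eq 0 ]; then
        # No bind_address: loopback only, unless -g opens it to other hosts.
        if [ "$gflag" = g ]; then echo all-interfaces; else echo loopback; fi
        return 0
    fi
    case $bind in
        ''|'*')              echo all-interfaces ;;  # empty or * = every interface
        localhost|127.*|::1) echo loopback ;;
        *)                   echo "specific:$bind" ;;
    esac
}

# Constructed sample specs; the first is the one used in this post.
for s in '8000:discuss-test:80' '*:8000:discuss-test:80' \
         '127.0.0.1:8000:discuss-test:80' '[::1]:8000:discuss-test:80'; do
    printf '%-34s %s\n' "$s" "$(forward_exposure "$s")"
done
```

A result of all-interfaces means any host that can reach the client machine can use the tunnel to discuss-test, which matters on the untrusted networks mentioned in the comments.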

Original: craschworks - comments


Date: July 3rd, 2007 11:47 pm (UTC)

Super handy!

Yeah, I use the -L trick a lot, although mostly to the same host that I'm sshing to. It's super handy for SMTP forwarding, and if you have a proxy server somewhere handy is also great for web surfing on networks you don't trust (good for coffee shops and such).

I've also noticed a tool called "autossh" in my Ubuntu package repository that's supposed to do the hard bits of maintaining an SSH connection through intermediate network issues. Haven't used it yet, but I may soon.

Date: July 4th, 2007 02:54 am (UTC)
yeah, but you still need at least a little shell script around it in case the connection falls over.

# reconnect whenever the ssh session exits
while true; do
    ssh whatever
    sleep 1
done

The "-g" switch is also handy.
Date: July 5th, 2007 10:11 pm (UTC)
I do it all the time. I use ssh through the firewall at work to my firewall/NAT at home. Then I port forward 5900 on my local client to my home Windows box, which is running VNC. Bam, I can get to my home machine's desktop from work through 2 firewalls.