SSH Port Forwarding SSH Tunneling Tricks Tips


ssh  -L  (host1-specified by user)Local-Port:Host3-IP-ADDRESS:(host3-Service Port)Remote-Port  Host2-IPADDRESS
1) These port forwarding techniques permit communication with a predetermined port on an external network (routing).
2) SSH tunneling encapsulates one network protocol inside another.
It can carry services like HTTP, VNC, FTP, SMTP, IMAP, POP, LDAP.
Advantage :
1) Root privilege is not needed to forward a port using ssh.
2) A service on a non-routable IP can be reached via SSH tunneling.
Disadvantage :
1) For each service we have to set a separate port number.

1) Dynamic Port Forwarding (ssh -D): we have to specify the SOCKS proxy in the browser.
2) Local Port Forwarding (ssh -L): there is no need to specify a proxy; instead we have to specify the port number with the host, like localhost:7000
root@ -L 7000:localhost:80

SYNTAX :Host1#ssh  -L  (host1-specified by user):Host3-IP-ADDRESS:(host3-Service Port)  Host2-IPADDRESS
root@  -L  7000:
NOTE: Port 7000 is specified by the user
Port 5900 is the VNC service port
Scenario 1) We are connecting from via to, taking service for a non-routable IP.
NOTE 1: Port forwarding forwards only the port, not the IP address, so when accessing the service we have to use localhost as the host name, or specify the port number.
NOTE 2: Port 7000 is bound on the client side, so requests sent to port 7000 go to the ssh client, which forwards them to the ssh server.
3) Remote Port Forwarding: it is not commonly used and is a little confusing. Connections from the SSH server are forwarded via the SSH client, then to a destination server (the reverse of local forwarding).
Usage : Access the service from the client machine.

Windows Port Forwarding Using PuTTY: we have to use the PuTTY software. In SSH -> Tunnel we have to specify
a) Source Port
b) Destination IP : Destination service port number.

SSH Tunneling Verification
# w | grep "ssh -L" [ SSH Server SIDE]
root pts/14 :1.0 12:27 4:47 0.34s 0.31s ssh -L 7000:192
# netstat -tulpn | grep Port-Number [ Here Port number is 7000]
tcp 0 0* LISTEN 27080/ssh 
HOST1#netstat -tulpn | grep 7000
tcp        0      0    *                   LISTEN      7651/ssh           
tcp        0      0 ::1:7000                    :::*                        LISTEN      7651/ssh  
HOST3:# netstat -tulpn | grep 5900
tcp        0      0 :::5900                     :::*                        LISTEN      35277/vino-server
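
The netstat check above can be scripted. This is an added example, not part of the original post: it reads `netstat -tulpn` output and lists every TCP listener owned by an ssh client, marking whether the forwarded port is bound to loopback only or is reachable from other hosts. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# ssh_forward_listeners reads `netstat -tulpn` output on stdin and prints
#   PORT BIND-ADDRESS PID SCOPE
# for each TCP listener whose owning program is exactly "ssh", i.e. a
# client-side forward (-L or -D). sshd and other programs are skipped.
ssh_forward_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /^[0-9]+\/ssh$/ {
        addr = $4
        port = addr
        sub(/.*:/, "", port)          # keep the text after the last colon
        bind = substr(addr, 1, length(addr) - length(port) - 1)
        split($7, proc, "/")          # proc[1] is the PID
        # Loopback binds are only usable from this host. Anything else
        # (0.0.0.0, ::, a LAN address) accepts connections from other
        # machines, as happens with ssh -g or an explicit bind address.
        scope = (bind == "127.0.0.1" || bind == "::1") ? "loopback" : "EXPOSED"
        print port, bind, proc[1], scope
    }'
}

# Constructed sample of netstat output (addresses and PIDs are examples).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:7000    0.0.0.0:*         LISTEN   7651/ssh
tcp6       0      0 ::1:7000          :::*              LISTEN   7651/ssh
tcp        0      0 0.0.0.0:7001      0.0.0.0:*         LISTEN   7702/ssh
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1022/sshd
tcp6       0      0 :::5900           :::*              LISTEN   35277/vino-server
EOF
}

# Demo on the sample; on a live host: netstat -tulpn | ssh_forward_listeners
sample_netstat | ssh_forward_listeners
```

A line marked EXPOSED means other machines on the network can use the tunnel, so the forwarded service is no longer protected by who can log in to the client host.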

SSH Tunneling Example
1)#ssh -L 7001:192.168.102.XXX:80 user@202.41.64.XXX (Port Forwarding HTTP Web Browser) To view #http://localhost:7001/
2)#ssh -L 7000:192.168.103.XXX:5900 user@202.41.64.XXX (Port Forwarding the VNCVIEWER). To View #vncviewer localhost:7000:1 

Getting Error Message : channel 3: open failed: connect failed: No route to host

Try connecting to the port with telnet to check whether it is able to connect or not.
$ telnet localhost 7000
