SSH port forwarding, or TCP/IP connection tunneling, is a process whereby a TCP/IP connection that would otherwise be insecure is tunneled through a secure SSH link, thus protecting the tunneled connection from network attacks.
In other words, port forwarding, or tunneling, is a way to forward insecure TCP traffic through SSH Secure Shell.
There are two kinds of port forwarding:
1. Local port forwarding and
2. Remote port forwarding
They are also called outgoing and incoming tunnels, respectively.
Syntax:
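Local port forwarding:
ssh SSHHOST -L LPORT:RHOST:RPORT
[LPORT is the port opened on your local machine; RHOST:RPORT is the destination as reached from SSHHOST. SSHHOST and RHOST can be the same machine or different machines. When they differ, the connection from SSHHOST to RHOST travels outside the SSH tunnel and is not protected by it.]
Remote port forwarding:
ssh SSHHOST -R RPORT:LIP:LPORT
[RPORT is the port opened on SSHHOST; LIP:LPORT is the destination as reached from the machine where you run ssh.]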
Example for local port forwarding:
Aim: Access a service (in this example SSH on port tcp/22, but it could be anything, such as a web server on tcp/80) on machine “YY.YY.YY.YY”.
From your shell, type:
ssh root@XX.XX.XX.XX -L 10000:YY.YY.YY.YY:22
Then, from your local machine, you should be able to connect to YY.YY.YY.YY by running:
ssh root@localhost -p 10000
Example for Remote Port Forwarding:
Aim: Access a service on your home machine from your office (in this example SSH on port tcp/22, but it could be anything, such as a web server on tcp/80).
From your machine at home, type the following:
ssh root@server1SSHHOST.COM -R 10000:192.168.1.19:22
Then SSH to the server “server1SSHHOST.COM” from your machine at the office and type the following:
ssh root@localhost -p 10000
Note: Don’t forget to open the necessary ports on any firewall, either at home or at work.
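To make clear which machine opens the listening port and which machine makes the onward connection in the two examples above, here is an added example (not part of the original page) that parses -L and -R specs from an ssh command line. It goes beyond the page's syntax by also accepting the optional bind address and bracketed IPv6 hosts that OpenSSH allows; the function names and the gateway.example command are made up for illustration.

```python
import re
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

def explain_forward(flag, spec):
    """Describe one ssh -L / -R spec of the form [bind:]port:host:hostport."""
    # Split on ':' but keep bracketed IPv6 literals such as [::1] in one piece.
    parts = re.split(r":(?![^\[]*\])", spec)
    if len(parts) == 3:
        bind, (port, host, hostport) = None, parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError(f"unsupported forward spec: {spec!r}")
    local = flag == "-L"
    return {
        # -L listens on the machine running ssh; -R listens on SSHHOST.
        "listens_on": "client" if local else "SSHHOST",
        "listen_port": int(port),
        # The onward TCP connection starts at the far end of the tunnel,
        # so that hop travels outside the SSH-encrypted link.
        "connects_from": "SSHHOST" if local else "client",
        "destination": f"{host}:{hostport}",
        # Assumes default GatewayPorts settings: no bind address means a
        # loopback listener; an empty, '*' or non-loopback one asks for a
        # listener that other hosts can reach.
        "exposed": bind is not None and bind not in LOOPBACK,
    }

def forwards_in(cmdline):
    """Return an explanation for every -L/-R forward in an ssh command line."""
    args, found = shlex.split(cmdline), []
    for i, arg in enumerate(args):
        if arg in ("-L", "-R") and i + 1 < len(args):
            found.append(explain_forward(arg, args[i + 1]))
        elif arg[:2] in ("-L", "-R") and len(arg) > 2:
            found.append(explain_forward(arg[:2], arg[2:]))
    return found

if __name__ == "__main__":
    # The page's two commands, plus one constructed command with a wildcard bind.
    for cmd in ("ssh root@XX.XX.XX.XX -L 10000:YY.YY.YY.YY:22",
                "ssh root@server1SSHHOST.COM -R 10000:192.168.1.19:22",
                "ssh user@gateway.example -R 0.0.0.0:10000:192.168.1.19:22"):
        print(cmd, forwards_in(cmd))
```

For a remote forward, sshd only honours a non-loopback bind address when its GatewayPorts setting permits it, so "exposed" reports what the client requested.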