What is ssh port forwarding? What's the use?

Preface

At first, I had a vague idea about the term "ssh port forwarding". It sounded obscure and difficult to understand. I didn't know what its function was or what its use was. So I started to look for relevant information, understand it, and use it. Later, I found that it was not that complicated. It was extremely easy to understand and use.

First of all, ssh port forwarding can be divided into: local port forwarding, remote port forwarding, and dynamic port forwarding. Below I will explain each type of port forwarding separately.

1. Local port forwarding

First run on your local host:

Format ssh -L local-port:target-host:target-port tunnel-host -N
Example ssh -L 8080:wwww.example.com:80 [email protected]

-L is the identifier for local port forwarding
local-port local port number
target-host target host
target-port target port number
tunnel-host acts as a forwarding server
-N means only forwarding, not logging into the server

At this time, local access to locahost:8080 is equivalent to remote access to www.example:com:80

Application scenarios:

If the remote host deploys a server on port 9888, but the firewall does not open this port,
If you want to access this 9888 locally, you can use the above example to bypass the firewall for ssh access. If the remote host is abroad, you can also bind the remote host's 80/443 to conduct scientific access.

2. Remote port forwarding

First run on your local host:

Format ssh -R remote-port:target-host:target-port tunnel-host -N
Example ssh -R 8888:localhost:8080 [email protected] -N

-R is the identifier for remote port forwarding
remote-port remote port number
target-host target host
target-port target port number
tunnel-host acts as a forwarding server
-N means it is only used as a forwarding, and you do not log in to the server. At this time, remote access to www.example:com:8888 is equivalent to local access to locahost:8080

Application scenarios:
If the local host deploys a server on port 9888, if the remote host wants to access the local 9888, you can use the above example

3. Dynamic port forwarding (SOCKS5)

Format ssh -D local-port tunnel-host -N
Example ssh -D 7999 [email protected] -N

-D is the identifier for local port forwarding
local-port local port number
tunnel-host acts as a forwarding server
-N means only forwarding, not logging into the server

Note that this forwarding uses the SOCKS5 protocol and cannot be directly accessed like local/remote port forwarding. We have to convert the http request to SOCKS5 before forwarding it. The following is a request usage case

curl -x socks5://localhost:7999 https://www.baidu.com
curl -x socks5://localhost:7999 https://www.weibo.com

At this time, local access to socks5://localhost:7999 https://www.baidu.com is equivalent to asking the remote server www.example.com to access https://www.baidu.com / https://www.weibo.com
You can also set the socks5 proxy binding 7999 through the browser. At this time, browsing any website will go to this proxy, and then this proxy will ask the remote machine for the request and return the request result to the socks5 proxy and then return it to the browser.

Application scenarios:

If your server is located abroad, then local access to foreign links is equivalent to scientific access. Support proxy QQ data, making the host without network become connected to the network.

4. What is the difference between local port forwarding and dynamic port forwarding?

The local port specifies the remote port number at the beginning, while the remote port number corresponding to dynamic port forwarding is unknown.
You can also understand that dynamic ports are actually what kind of request is made, and the corresponding port is automatically bound to us. The differences are as follows:
Local port L:8080 => R:80
Dynamic port L:8080 ⇒ R:N

Dynamic port forwarding is very powerful. It can not only handle HTTP, but also automatically adapt to other protocols and bind corresponding ports.

For example, if you want to access QQ from a computer without Internet access, those who have used QQ know that there is a proxy setting, so we can use dynamic port forwarding to achieve Internet access.

You can set the socks type and write the proxy address and port number in it, so that the data generated by QQ will be forwarded through the corresponding 111.222.333:1080

This way, even if the local machine has no network, I can use 111.222.333:1080 to help me forward data to have network access.

For example, in the following situation, a host without Internet access is also connected to the Internet through the proxy method.

5. Multi-level port forwarding

You can start multiple port forwarding locally, for example, we have a local machine A and two remote machines B and C
At this time, you want to access B through the local machine A to indirectly access C, that is, A -> B > C
Then it can be achieved with the help of multi-level forwarding. Let's look at the case:

Build the first ssh tunnel on the local machine

ssh -L 7000:localhost:3000 [email protected] -N

The remote machine www.example.com builds a second ssh tunnel by itself, which can be understood as monitoring itself.

ssh -L 3000:localhost:8000 [email protected] -N

The result is
L:7000 --> R:3000
R:3000 --> R:8000
Therefore, L:7000 can indirectly access R:8000

6. Conclusion

Local port forwarding: local request === remote request Remote port forwarding: remote request === local request Dynamic port forwarding: local access to all external requests === remote replacement to access all external requests

The above port forwarding types can be used in combination and are not limited to the same type. If you want to use forwarding to your advantage, you have to rely on practical application.

So far, this article is about what is ssh port forwarding? What's the use? This is the end of the article. For more relevant ssh port forwarding content, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!