SSH Port forwarding is a method used for securing TCP/IP connections. The TCP/IP packets can be tunneled through a SSH link making the data obscure thus protecting the link from attacks. SSH Port forwarding can be also seen as a form of Virtual Private Network(VPN).
Types of Port Forwarding:
There are 2 main types of port forwarding: Local Port Forwarding, and Remote Port Forwarding. These are explained as following below.
- Local Port Forwarding:
Suppose you are on a local network that restricts access to a site, let us suppose example.com. To work around this we could create a tunnel through a server that is not on our network and thus has access to example.com. The command we would use is:
ssh -L 9090:example.com:80 email@example.com
The -L flag here tells that local port forwarding is being used. So, what the above command does is it forwards the data on local port 9090 to the server which has access to example.com through a secure SSH connection. Note here that admin is a user on the server. Now visit example.com on your browser.
A second scenario would be a situation in which you want to access a service on the server which is open only on localhost for security reasons. You would use the following command:
ssh -L 9090:localhost:3306 firstname.lastname@example.org
Make a note here that localhost in the command is from the perspective of the server. The server is running a MySQl service on port 3306 and it allows only local connections.
- Remote Port Forwarding:
The command for remote forwarding is
ssh -R 9090:example.com:80 email@example.com
-R flag specifies that requests on remote server port(9090) should be forwarded to example.com which is on the local network at port 80. Now if we make a request to the server on port 9090 you would get a reply from example.com.
Attention reader! Don’t stop learning now. Get hold of all the important DSA concepts with the DSA Self Paced Course at a student-friendly price and become industry ready.
- Internal/External Forwarding Rule in GCP
- Program for IP forwarding table lookup
- Selective forwarding Attack in wireless Sensor Network
- Network Layer Services- Packetizing, Routing and Forwarding
- Port Security in Computer Network
- Type-C Port in Computer Network
- Port Address Translation (PAT) mapping to Private IPs
- Explicitly assigning port number to client in Socket
- Port Address Translation (PAT) on Adaptive Security Appliance (ASA)
- Difference Between Network Address Translation (NAT) and Port Address Translation (PAT)
- Fundamental Features of MQTT
- Different Transmission States of SDLC
- Introduction of Light Fidelity (Li-Fi)
- Future of Cloud Computing
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.