SSH Port forwarding is a method used for securing TCP/IP connections. The TCP/IP packets can be tunneled through a SSH link making the data obscure thus protecting the link from attacks. SSH Port forwarding can be also seen as a form of Virtual Private Network(VPN).
Types of Port Forwarding:
There are 2 main types of port forwarding: Local Port Forwarding, and Remote Port Forwarding. These are explained as following below.
- Local Port Forwarding:
Suppose you are on a local network that restricts access to a site, let us suppose example.com. To work around this we could create a tunnel through a server that is not on our network and thus has access to example.com. The command we would use is:
ssh -L 9090:example.com:80 email@example.com
The -L flag here tells that local port forwarding is being used. So, what the above command does is it forwards the data on local port 9090 to the server which has access to example.com through a secure SSH connection. Note here that admin is a user on the server. Now visit example.com on your browser.
A second scenario would be a situation in which you want to access a service on the server which is open only on localhost for security reasons. You would use the following command:
ssh -L 9090:localhost:3306 firstname.lastname@example.org
Make a note here that localhost in the command is from the perspective of the server. The server is running a MySQl service on port 3306 and it allows only local connections.
- Remote Port Forwarding:
The command for remote forwarding is
ssh -R 9090:example.com:80 email@example.com
-R flag specifies that requests on remote server port(9090) should be forwarded to example.com which is on the local network at port 80. Now if we make a request to the server on port 9090 you would get a reply from example.com.
- Program for IP forwarding table lookup
- Type-C Port in Computer Network
- Port Security in Computer Network
- Explicitly assigning port number to client in Socket
- Port Address Translation (PAT) on Adaptive Security Appliance (ASA)
- Difference Between Network Address Translation (NAT) and Port Address Translation (PAT)
- Count of even and odd power pairs in an Array
- Serial I/O Lines in 8085 Microprocessor
- IEEE 802.6 (DQDB)
- Object Oriented Testing in Software Testing
- Working of ISO-OSI Model
- Availability in Information Security
- Security of RSA
- Digital Certificate Creation
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.