A clear visual guide to setting up port forwarding and tunneling using SSH




Port forwarding is a technique for forwarding communication addressed to a specific port to another computer or port via SSH. Although the author's identity is unknown, an expert engineer has published a clear visual guide on his personal blog showing which commands and which forwarding settings to use.

Visual guide to SSH tunneling and port forwarding - ITTAVERN.COM
https://ittavern.com/visual-guide-to-ssh-tunneling-and-port-forwarding/


The '-J' option of SSH allows you to set up tunneling. For example, the command 'ssh -J user@REMOTE-MACHINE:22 -p 22 [email protected]' allows you to connect over SSH to the machine at 10.99.99.1 through the remote machine. The background colors of the commands in the figure below indicate which part of the figure is being set.



The '-L' option of SSH allows you to set up forwarding of communication received locally to the remote machine. The command 'ssh -L 10.10.10.1:8001:localhost:8000 user@REMOTE-MACHINE' means that communication to '10.10.10.1:8001' will be forwarded to 'localhost:8000' on the remote machine.



The command 'ssh -L 8001:10.99.99.1:8000 user@REMOTE-MACHINE' means 'forward communication received on port 8001 to port 8000 on 10.99.99.1 via the remote machine.' If you omit the local address, only communication from within the local machine will be forwarded.



Conversely, the '-R' option of SSH forwards connections arriving at the remote machine to the local machine. The command 'ssh -R 8000:localhost:8001 user@REMOTE-MACHINE' means 'forward communications arriving at port 8000 on the remote machine to port 8001 on the local machine.'



You can also forward traffic to other servers via your local machine. 'ssh -R 8000:10.10.10.2:8001 user@REMOTE-MACHINE' means 'forward traffic to port 8000 on the remote machine to port 8001 on 10.10.10.2 via your local machine.'



By specifying the remote address, as in 'ssh -R 10.99.99.2:8000:10.10.10.2:8001 user@REMOTE-MACHINE', you can also forward communications that arrive from outside the remote machine.



The '-D' option of SSH allows you to set up dynamic port forwarding using the SOCKS protocol. After establishing port forwarding with 'ssh -D 10.10.10.1:5555 user@REMOTE-MACHINE', you can reach, via the remote machine, every server and port that the remote machine can connect to, by specifying the destination as in 'curl -L -x socks5://10.10.10.1:5555 brrl.net/ip'.



You can also run the command in the background by specifying the '-f' option in SSH, and tell SSH not to execute a command at the destination by using the '-N' option. If you are only configuring port forwarding, it is recommended that you use these two options together.
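The '-L', '-R' and '-D' specifications described above can be checked mechanically before a command is run. The following Python sketch is an added example, not code from the original guide: it parses the forwarding options in an ssh command line and reports which machine opens the listening port and whether that port is bound beyond loopback. The names `parse_forward` and `audit` are made up for this example, and it assumes hostnames or IPv4 addresses only (no bracketed IPv6, no Unix sockets).

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1"}
# flag -> (machine that opens the listening port, machine that dials the target)
SIDES = {"-L": ("local", "remote"), "-R": ("remote", "local"), "-D": ("local", "remote")}

def parse_forward(flag, spec):
    """Parse [bind_address:]port[:host:hostport]; hostnames and IPv4 only."""
    parts = spec.split(":")
    if len(parts) not in ((1, 2) if flag == "-D" else (3, 4)):
        raise ValueError(f"unsupported {flag} spec: {spec!r}")
    # An even number of fields means an explicit bind address comes first.
    bind = parts.pop(0) if len(parts) % 2 == 0 else None
    listener, dialer = SIDES[flag]
    return {
        "flag": flag,
        "listener": listener,
        "bind": bind,  # None: OpenSSH default, loopback only
        "port": int(parts[0]),
        # -D has no fixed target: each SOCKS request names its own.
        "target": None if flag == "-D" else (parts[1], int(parts[2])),
        "dialed_from": dialer,
        # For -R, sshd honours a non-loopback bind only if GatewayPorts allows it.
        "exposed": bind is not None and bind not in LOOPBACK,
    }

def audit(command):
    """Return one record per -L/-R/-D option in an ssh command line."""
    tokens = shlex.split(command)
    return [parse_forward(t, tokens[i + 1])
            for i, t in enumerate(tokens[:-1]) if t in SIDES]

# Commands quoted in the article above.
SAMPLES = [
    "ssh -L 10.10.10.1:8001:localhost:8000 user@REMOTE-MACHINE",
    "ssh -L 8001:10.99.99.1:8000 user@REMOTE-MACHINE",
    "ssh -R 8000:localhost:8001 user@REMOTE-MACHINE",
    "ssh -R 10.99.99.2:8000:10.10.10.2:8001 user@REMOTE-MACHINE",
    "ssh -D 10.10.10.1:5555 user@REMOTE-MACHINE",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        for f in audit(cmd):
            scope = "other hosts can connect" if f["exposed"] else "loopback only"
            print(f"{f['flag']} listens on {f['listener']} port {f['port']} ({scope}); "
                  f"target {f['target']} dialed from {f['dialed_from']}")
```

A forward reported as exposed accepts connections from any host that can reach the bind address, so the forwarded service should be treated as published on that network.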

in Software, Posted by log1d_ts