Shulou(Shulou.com)06/02 Report--

This article is about how to use ssh port forwarding. Xiaobian thinks it is quite practical, so share it with everyone for reference. Let's follow Xiaobian and have a look.

1. Local port forwarding

First run on local host:

Case ssh -L local-port:target-host:target-port tunnel-host -N Case ssh -L 8080: www.example.com:80 root@wwww.example.com

-L is the identifier of local port forwarding

local-port Local port number

target-host

target-port target port number

tunnel-host as forwarding server

-N means only as a forward, do not log into the server

Local access to locahost:8080 is equivalent to remote access to www.example:com:80

Application scenarios:

Suppose the remote host deploys a server on port 9888, but the firewall does not open this port,

If you want to access this 9888 locally, you can use the above example to bypass the firewall for ssh access. If the remote host is foreign, you can also bind the remote host's 80 / 443 for scientific access.

2. remote port forwarding

First run on local host:

Case ssh -R remote-port:target-host:target-port tunnel-host -N Case ssh -R 8888:localhost:8080 root@wwww.example.com-N

-R is the identifier of remote port forwarding

remote-port Remote port number

target-host

target-port target port number

tunnel-host as forwarding server

-N means only as a forward, do not log into the server

Remote access to www.example:com:8888 is equivalent to local access to locahost:8080

Application scenarios:

If the local host deploys a server on port 9888, the remote host can use the above example if it wants to access the local 9888.

3. Dynamic port forwarding (SOCKS5) format ssh -D local-port tunnel-host -N case ssh -D 7999 root@wwww.example.com-N

-D is the identifier of local port forwarding

local-port Local port number

tunnel-host as forwarding server

-N means only as a forward, do not log into the server

Note that this forwarding uses SOCKS5 protocol and cannot be accessed directly like local/remote port forwarding

We have to convert http requests to SOCKS5 to forward them. Here are the request use cases

curl -x socks5://localhost:7999 https://www.baidu.comcurl -x socks5://localhost:7999 https://www.weibo.com

Visiting socks5://localhost:7999 https://www.baidu.com locally is equivalent to having the remote server www.example.com visit https://www.weibo.com https://www.baidu.com

You can also set Socks5 proxy binding 7999 through the browser, at this time browsing any website will go to this proxy, and then this proxy will ask the remote machine request and return the request result to Socks5 proxy and then return to the browser.

Application scenarios:

If your server is foreign, then local access to foreign links is equivalent to scientific access. Support proxy qq data, so that no network host into a network.

4. What is the difference between local port forwarding and dynamic port forwarding?

local port specifies the remote port number at the beginning, while dynamic port forwarding corresponds to an unknown remote port,

You can also understand that dynamic ports are actually what type of request, and automatically bind the corresponding ports to us. Their differences are as follows:

Local port L:8080 => R:80

Dynamic port L:8080 <$R:N

Dynamic port forwarding is very powerful, it can not only handle http, but also automatically adapt other protocols and bind corresponding ports.

For example, if a computer without a network wants to access qq, those who have used qq all know that there is a proxy setting, so we can implement a network through dynamic port forwarding.

You can set the socks type inside and write the proxy address and port number, so that the data generated by qq will be forwarded through the corresponding 111.222.333:1080.

So that the local machine does not have a network but can help me forward data with the help of 111.222.333:1080 to become a network.

For example, the following situation is also the same through the proxy way to make no network host into a network.

5. multistage port forwarding

You can enable multiple port forwarding locally, for example we have local machine A and two remote machines B, C

In this case you want to access C indirectly by accessing B from local machine A, i.e. A -> B > C

Then it can be realized by means of multi-level forwarding. Let's look at the case:

Local machine builds first SSH tunnel

ssh -L 7000:localhost:3000 root@www.example.com -N

The remote machine www.example.com builds its own second ssh tunnel, which can be understood as listening to itself.

ssh -L 3000:localhost:8000 root@www.example.com -N

result is

L:7000 --> R:3000

R:3000 --> R:8000

So L:7000 can access R:8000 indirectly.

Thank you for reading! About "how to use ssh port forwarding" this article is shared here, I hope the above content can be of some help to everyone, so that everyone can learn more knowledge, if you think the article is good, you can share it to let more people see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.