Shulou(Shulou.com)06/01 Report--

I've been struggling with what port forwarding is, now write down my understanding, and try local port, remote port forwarding.

SSH (Secure Shell, secure Shell Protocol) transmits data on the SSH channel through encryption. Each connection SSH will perform fingerprint check to confirm that the user is connected to the correct remote host. If the data of other protocols is forwarded through the SSH port, the SSH connection is used as a channel (tunnel) for transmission of other protocols, which is also called SSH port forwarding or SSH tunnel.

Function: encrypt data transmission and break through firewall restrictions

Classification: local forwarding, remote forwarding, dynamic forwarding

1. Local port forwarding

Local in local forwarding refers to forwarding a local port to a port of another host, so that when our program connects to this port, it is indirectly connected to a port of another host. When we send a packet to this port, the packet is automatically forwarded to that remote port.

Command syntax: ssh-L [bind-address:] port:host:hostport server_address

Explain below: bind_address represents the ip (binding address) of the local host, which is for the system with multiple network cards. The default is 127.0.0.1 if not specified.

Port: the port on which the local host specifies to listen

Host: ip of the remote host

Hostport: specify the port of the remote host. If the remote host is HTTP, it is 80jinFTP (21).

Server_address: the ip of the remote host, or another ip that can access the remote host (we understand it through experiments)

There are a few other parameters to know:

-L: specifies that the specified port on the local (client) host is forwarded to the given remote host and port

-N: do not execute remote instructions

-f: execute in the background

Experiment: host A (192.168.31.100), host B (192.168.31.150) and host C (192.168.31.163)

A, B and C can all be connected to each other.

Execute the command on host A: # ssh-Nf-L 192.168.31.100 VR 7900VR 192.168.31.163Rd 22 192.168.31.150

It should be noted that in this example, we select port 7900 as the local listening port. When selecting the port number, we should note that the non-administrator account does not have the right to bind port 1-1023. Therefore, it is generally possible to choose a port number between 1024 and 65535 that has not yet been used.

After executing this command, we found that the terminal did not respond, that is because it was put into the background to execute, so how do we know if port forwarding is open?

Netstat-nt: lists the ports of tcp network data

Netstat-ntlp: lists the network connection ports and PID that the system has been listening to

In the figure above, we found that port 7900 of host A has been monitored by ssh (ssh is the customer service side), and a SSH tunnel has been established with 192.168.31.150 (host B), and we know that host B and host C can communicate. When we can access through the port of host A, we actually use host B indirectly to access it. For effect, we can use host C to access host A: (- p: is the designated remote port)

Execute on host C: ssh 192.168.31.100-p 7900 (if there is no tunnel before, when host C logs in to host A, the login ip must be the ip of host C. after the tunnel, the tunnel established through the port of host An and host B is the ip where host B logs in)

Above we talked about the command syntax: ssh-L [bind-address:] port:host:hostport server_address

Server_address can be different from host, or it can be the same.

# ssh-Nf-L 192.168.31.100WR 7900Rose 192.168.31.163Rd 22 192.168.31.163

The above one means that "192.168.31.100" and "192.168.31.163" build a ssh tunnel.

As long as it is accessed through the "port" of 192.168.31.100, it is equivalent to the access of 192.168.31.163.

Experiment 2: host C (192.168.31.163) does not allow host An access, but allows host B access, through ssh tunnel An access C

Build the environment: in order to prevent host A from accessing on host C, you can add a line to the configuration file / etc/hosts.deny: "sshd:192.168.31.100", plus the ip of host A.

The connection has been closed

The environment is set up, and we execute it on host A: ssh-Nf-L 192.168.31.100V 9000Rose 192.168.31.163Rd 22 192.168.31.163

With the tunnel, we execute on host A that has been denied access: ssh-p 9000 192.168.31.100 (which means connecting port 9000 of host A, and port 9000 is connected to host B as a tunnel, and when using port 9000 of host A, we are using host B to access, so it doesn't matter if host An is disabled)

Finally, it is important to note that if you want to close a ssh tunnel, you can only kill the relevant process with kill, and when the tunnel is closed, the specified connection will also be closed.

Second, remote port forwarding can access the intranet.

SSH remote port forwarding:

Remote forwarding is very similar to local forwarding, and the principle is similar, but the difference is that local forwarding is a port specified by the local host, while remote forwarding specifies a port on the remote host to forward connections to that port to the local port. In essence, the difference lies in whether the port to be forwarded is on the remote host or on the local host mountain.

However, the command options used for remote forwarding are also different:

Ssh-R [bind-address:] post:host:hostport server_address

What needs to be noted here is:

Bind-address specifies the remote host ip, not the native

Port: the port on which the remote host specifies to listen

Host: the host you need to access

Hostport: specify the port of the host being accessed

Server_address: the remote host and who? The tunnel built, who is designated?

We all know that the internal network can access the external network through the router (SNAT), but the external network cannot access the internal network. We use ssh to access the internal network. To build this kind of environment, the first thing I think of is the NAT mode of VMware. I set the host C to NAT mode.

Host AVR 192.168.31.100 (external network)

Host BRV 192.168.31.150 (external network)

Host Carex 192.168.200.133 (intranet)

Execute the command on host C: ssh-Nf-R 192.168.31.150 9000Vera 192.168.200.133R22 192.168.31.150

Netstat-nt:

Host C has established a tunnel with 192.168.31.150 (host B).

When you execute netstat-ntlp on host C, there is no listening port 9000, because you are opening a port on the other host, you need to execute netstat-ntlp on host B:

We found that 127.0.0.1virtual 9000 what does this mean? This means that the local machine does not specify a random ip, which is too dangerous, and then it becomes sshd snooping, that is, the ssh server, so we also call it a reverse tunnel.

Execute on host B of the external network: ssh-p 9000 127.0.0.1

It is no longer ssh-p 9000 192.168.31.150, complete.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.