Port number used by server when using dynamic port forwarding in SSH?
Common practice is to use the Dynamic port forwarding feature of SSH to make a secure connection while browsing the web, i.e.
ssh -D 1234 me@some_server
where "me" is my user login ID and "some_server" is a trusted server somewhere that is running SSHD. If I configure my web-browser to use a socks proxy with the socks host set to "localhost" (or 127.0.0.1) and port set to 1234, I can browse the web and the web servers will think the traffic is to/from server "some_server" rather than my local computer. Not to mention that the connection between my local computer and "some_server" will now be encrypted.
But what port number is the server "some_server" using for communication to/from the other web servers on the internet? I know the connection between my local computer and "some_server" is using port 22 (standard SSH port), but what port is "some_server" using to request/receive internet traffic?
I know typical HTTP servers listen on port 80. And I believe the web-clients use the ephemeral/dynamic ports (ports 49152 to 65535). I'm a little unclear on which ports are used to/from web-server and "some_server."
Any help people could offer to clear this up for me would be greatly appreciated!
Just about all client connections use ephemeral ports, if that's what you mean. This is something that the operating system handles, so it will happen to all TCP/IP connections unless instructed otherwise (e.g. NTP, which is on udp/123 on both ends).
Also note the ephemeral port range varies a lot, there is no fixed range.
What seems odd to me is that a web-browser running directly on "some_server" is unable to connect to the internet, yet a web-browser running on my local PC configured to use SSH and socks proxy through "some_server" has no problem reaching the internet. I know "some_server" sits behind a firewall and that many ports are blocked, so I'm not surprised that the web-client on "some_server" wouldn't work. But I am surprised that SSH tunneling from my PC to "some_server" does work. I can browse the web from my PC and I've confirmed that the web sees the IP address of "some_server" rather than my local PC.
Is it possible that "some_server" would use port 22 to request/receive internet traffic when my local PC is configured for SSH tunneling?
From what you've described, it sounds like you must be missing something simple. Using a server for socks proxying, the server IS going to the remote site; there's no difference in the network traffic. A TCP/IP connection will use a local ephemeral port and a specific remote port, 80 or 443, whichever way round you try it. A better comparison would probably be to use curl on the proxy machine to grab a site; that should work if the ssh route does.
Problem fixed. Turns out that the server's network settings for DNS were configured wrong. I'm guessing the fact that SSH tunneling worked is a red herring and that DNS lookup using SSH tunneling must be done on the client-side rather than server-side, and that's why the server was still able to properly request/receive internet traffic.