An abstract question on port forwarding and ssh tunnels.

uncle-c · 11-03-2007, 07:54 AM

Hi there,
I'm trying to understand the concept of SSH tunnelling and port forwarding and was wondering if someone could explain some of the technicalities.

Server A: 192.168.0.3:80 (HTTP)

SSH Box : 192.168.0.2 (SSH server)

Local Machine : 192.168.0.1

The Local machine cannot connect to Server A (port 80) directly, but it can connect to SSH Box, which in turn can connect to Server A.
So Local Machine connects to SSH Box ( using ssh )and I forward the connection from Server A onto my Local Machine ( via SSH BOX) on an unused port, e.g 3500 . This is the section I need explaining :
I often use Putty on XP and when I SSH to remote linux server port 22 the initial connection is made via an unused port, say 2150 on the Local Machine (found using netstat) .
Now this "information channel" between p2150 (lm) and p22(server) is encrypted and safe. So when I want data to be forwarded to port 3500, am I in essence telling the computer to divert the "encrypted data" from the port2150-port22 "channel" to the Web Browser via port 3500 ?? Port 3500 has no real direct contact with port 22 on the SSH Box or the outside world. Or does it ?
Could someone explain to me the role of all three ( in my case 2150, 22 and 3500) ports in this ??
I wrongfully thought that the Putty connection in the above case would be :

port3500(Local Machine)-----port22(SSH Box)

Is the actual layout something similar to below ???

http://i4.tinypic.com/4tghr7o.jpg

Local Machine port 2150 <---------->port 22 SSH BOX <----> HTTP :80
|
| <- port 3500
|
Web Browser

Thanks again !

Uncle.

acid_kewpie · 11-03-2007, 08:27 AM

ok, so the client port, 2150, is really irrelevant as far as you are concerned. that's simply the other end of the tcp connection to the remote host, at tcp level, it plays no visible part for you. When you do set up that tunnel port, then the ssh client starts up a server connection on your local machine on a specified port. assuming you're not an administrator on the client, then that port has to be over 1024, outside of that though, you can pick any port at all. So without reading too much into phrases like "client" and "server", in the strictest sense your ssh client is now "serving" port 3500. you then use that port as it it were the destination (as you know) so you have a second tcp session from another random local port, called an ephemeral port btw, as the "client" and local port 3500 as the "server" port. this connection is then accepted by ssh and handled however it sees fit.