11-03-2007, 08:54 AM   #1
uncle-c

An abstract question on ports wrt port forwarding and ssh tunnels.


Hi there,
I'm trying to understand the concept of SSH tunnelling and port forwarding and was wondering if someone could explain some of the technicalities.

Server A: 192.168.0.3:80 (HTTP)

SSH Box : 192.168.0.2 (SSH server)

Local Machine : 192.168.0.1

The Local Machine cannot connect to Server A (port 80) directly, but it can connect to SSH Box, which in turn can connect to Server A.
So Local Machine connects to SSH Box (using ssh) and I forward the connection from Server A onto my Local Machine (via SSH Box) on an unused port, e.g. 3500. This is the section I need explaining:
I often use PuTTY on XP and when I SSH to a remote Linux server on port 22 the initial connection is made via an unused port, say 2150, on the Local Machine (found using netstat).
Now this "information channel" between p2150 (lm) and p22 (server) is encrypted and safe. So when I want data to be forwarded to port 3500, am I in essence telling the computer to divert the "encrypted data" from the port 2150-port 22 "channel" to the Web Browser via port 3500? Port 3500 has no real direct contact with port 22 on the SSH Box or the outside world. Or does it?
Could someone explain to me the role of all three (in my case 2150, 22 and 3500) ports in this?
I wrongfully thought that the PuTTY connection in the above case would be:

port3500(Local Machine)-----port22(SSH Box)

Is the actual layout something similar to below?


http://i4.tinypic.com/4tghr7o.jpg


Local Machine port 2150 <---------->port 22 SSH BOX <----> HTTP :80
|
| <- port 3500
|
Web Browser

Thanks again !

Uncle.

Last edited by uncle-c; 11-03-2007 at 10:08 AM.
 
11-03-2007, 09:27 AM   #2
acid_kewpie

OK, so the client port, 2150, is really irrelevant as far as you are concerned. That's simply the other end of the TCP connection to the remote host; at TCP level, it plays no visible part for you. When you do set up that tunnel port, the ssh client starts up a server connection on your local machine on a specified port. Assuming you're not an administrator on the client, that port has to be over 1024; outside of that, though, you can pick any port at all. So without reading too much into phrases like "client" and "server", in the strictest sense your ssh client is now "serving" port 3500. You then use that port as if it were the destination (as you know), so you have a second TCP session from another random local port, called an ephemeral port btw, as the "client" and local port 3500 as the "server" port. This connection is then accepted by ssh and handled however it sees fit.
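
The port roles described in the answer above, as an added example that is not part of the thread: a plain-TCP loopback model (no SSH, no encryption, a single forwarded connection) in which OS-chosen ports stand in for 80, 22 and 3500. All function names and the response text are made up for illustration.

```python
import socket, threading

def listen():
    """Loopback TCP listener on an OS-chosen port."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def pipe(src, dst):
    """Copy bytes one way until src reaches EOF, then pass the EOF on."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # other side already closed

def relay(a, b):
    for src, dst in ((a, b), (b, a)):
        threading.Thread(target=pipe, args=(src, dst), daemon=True).start()

def demo():
    web, sshd, fwd = listen(), listen(), listen()  # roles: :80, :22, :3500
    seen = {"fwd": fwd.getsockname(), "sshd": sshd.getsockname()}

    def server_a():
        conn, seen["web_peer"] = web.accept()
        conn.recv(4096)
        conn.sendall(b"hello from Server A")
        conn.close()

    def ssh_box():
        tunnel, seen["tunnel_peer"] = sshd.accept()  # peer port plays "2150"
        out = socket.create_connection(web.getsockname())
        seen["box_out"] = out.getsockname()
        relay(tunnel, out)

    def ssh_client():
        tunnel = socket.create_connection(sshd.getsockname())
        local, seen["browser_peer"] = fwd.accept()  # second, separate TCP session
        relay(local, tunnel)

    for role in (server_a, ssh_box, ssh_client):
        threading.Thread(target=role, daemon=True).start()
    browser = socket.create_connection(fwd.getsockname())
    seen["browser"] = browser.getsockname()
    browser.sendall(b"GET / HTTP/1.0\r\n\r\n")
    browser.shutdown(socket.SHUT_WR)
    seen["body"] = b"".join(iter(lambda: browser.recv(4096), b""))
    return seen

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13} {value}")
```

With OpenSSH the real equivalent of this setup is `ssh -L 3500:192.168.0.3:80 user@192.168.0.2` (`user` is a placeholder), which binds the listener to loopback by default. Only the Local Machine to SSH Box leg is encrypted by SSH; the connection from SSH Box to Server A is ordinary HTTP that Server A sees as coming from SSH Box.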