
kreeder 11-19-2011 02:13 PM

Port number used by server when using dynamic port forwarding in SSH?
Common practice is to use the Dynamic port forwarding feature of SSH to make a secure connection while browsing the web, i.e.

ssh -D 1234 me@some_server

where "me" is my user login ID and "some_server" is a trusted server somewhere that is running SSHD. If I configure my web-browser to use a socks proxy with the socks host set to "localhost" (or and port set to 1234, I can browse the web and the web servers will think the traffic is to/from server "some-server" rather than my local computer. Not to mention that the connection between my local computer and "some_server" will now be encrypted.

But what port number is the server "some_server" using for communication to/from the other web servers on the internet? I know the connection between my local computer and "some_server" is using port 22 (standard SSH port), but what port is "some_server" using to request/receive internet traffic?

I know typical HTTP servers listen on port 80. And I believe the web-clients use the ephemeral/dynamic ports (ports 49152 to 65535). I'm a little unclear on which ports are used to/from web-server and "some_server."

Any help people could offer to clear this up for me would be greatly appreciated!


acid_kewpie 11-19-2011 02:26 PM

Just about all client connections use ephemeral ports, if that's what you mean. This is something that the operating system handles, so it will happen to all TCP/IP connections unless instructed otherwise (e.g. NTP, which is on udp/123 on both ends).

Also note the ephemeral port range varies a lot, there is no fixed range.

kreeder 11-21-2011 06:17 AM

What seems odd to me is that a web-browser running directly on "some_server" is unable to connect to the internet, yet a web-browser running on my local PC configured to use SSH and socks proxy through "some_server" has no problem reaching the internet. I know "some_server" sits behind a firewall and that many ports are blocked, so I'm not surprised that the web-client on "some_server" wouldn't work. But I am surprised that SSH tunneling from my PC to "some_server" does work. I can browse the web from my PC and I've confirmed that the web sees the IP address of "some_server" rather than my local PC.

Is it possible that "some_server" would use port 22 to request/receive internet traffic when my local PC is configured for SSH tunneling?


acid_kewpie 11-21-2011 06:32 AM

From what you've described, it sounds like you must be missing something simple. Using a server for SOCKS proxying, the server IS going to the remote site; there's no difference in the network traffic. A TCP/IP connection will use a local ephemeral port and a specific remote port, 80 or 443, whichever way round you try it. A better comparison would probably be to use curl on the proxy machine to grab a site; that should work if the SSH route does.

kreeder 11-21-2011 02:07 PM

Problem fixed. Turns out that the server's network settings for DNS were configured wrong. I'm guessing the fact that SSH tunneling worked is a red herring and that DNS lookup using SSH tunneling must be done on the client-side rather than server-side, and that's why the server was still able to properly request/receive internet traffic.
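
Whether the name lookup happens on the local PC or on "some_server" is decided by the address type in each SOCKS request sent to the `-D` listener. As an added example (not part of the thread), this Python code builds and parses SOCKS5 CONNECT requests per RFC 1928 and reports which end resolved the name; the function names and the sample address and hostname are constructed for illustration.

```python
import ipaddress
import struct

# Address types defined for SOCKS5 requests in RFC 1928.
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect(dest: str, port: int) -> bytes:
    """Build the SOCKS5 CONNECT request a client sends to the -D listener."""
    try:
        ip = ipaddress.ip_address(dest)  # IP literal: the name was already resolved
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        name = dest.encode("ascii")  # hostname travels through the tunnel as text
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1 to 255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP, DST.ADDR, DST.PORT in network order
    return bytes([0x05, 0x01, 0x00, atyp]) + addr + struct.pack("!H", port)


def parse_connect(req: bytes) -> dict:
    """Parse a SOCKS5 CONNECT request and say which end did the DNS lookup."""
    if len(req) < 5 or req[0] != 0x05 or req[1] != 0x01 or req[2] != 0x00:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp in (ATYP_IPV4, ATYP_IPV6):
        off, alen = 4, (4 if atyp == ATYP_IPV4 else 16)
        resolved_on = "local"   # browser looked the name up before asking the proxy
    elif atyp == ATYP_DOMAIN:
        off, alen = 5, req[4]
        resolved_on = "remote"  # with ssh -D the name is resolved on the SSH server
    else:
        raise ValueError("unknown address type")
    if len(req) != off + alen + 2:
        raise ValueError("truncated or oversized request")
    raw = req[off:off + alen]
    dest = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", req[off + alen:])
    return {"dest": dest, "port": port, "resolved_on": resolved_on}


if __name__ == "__main__":
    # Constructed samples: a documentation-range address and example.com.
    for target in ("192.0.2.10", "www.example.com"):
        req = build_connect(target, 80)
        print(req.hex(), parse_connect(req))
```

curl exposes the same choice as `--socks5` (resolve locally) versus `--socks5-hostname` (send the name through the proxy).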

