Old 11-03-2007, 07:54 AM   #1
Registered: Oct 2006
Location: The Ether
Distribution: Ubuntu 16.04.7 LTS, Kali, MX Linux with i3WM
Posts: 299

Rep: Reputation: 30
An abstract question on ports wrt port forwarding and ssh tunnels.

Hi there,
I'm trying to understand the concept of SSH tunnelling and port forwarding and was wondering if someone could explain some of the technicalities.

Server A: (HTTP)

SSH Box : (SSH server)

Local Machine :

The Local machine cannot connect to Server A (port 80) directly, but it can connect to SSH Box, which in turn can connect to Server A.
So Local Machine connects to SSH Box (using ssh) and I forward the connection from Server A onto my Local Machine (via SSH Box) on an unused port, e.g. 3500. This is the section I need explaining:
I often use PuTTY on XP and when I SSH to remote Linux server port 22 the initial connection is made via an unused port, say 2150, on the Local Machine (found using netstat).
Now this "information channel" between p2150 (lm) and p22 (server) is encrypted and safe. So when I want data to be forwarded to port 3500, am I in essence telling the computer to divert the "encrypted data" from the port2150-port22 "channel" to the Web Browser via port 3500? Port 3500 has no real direct contact with port 22 on the SSH Box or the outside world. Or does it?
Could someone explain to me the role of all three (in my case 2150, 22 and 3500) ports in this?
I wrongfully thought that the PuTTY connection in the above case would be:

port3500(Local Machine)-----port22(SSH Box)

Is the actual layout something similar to below?

Local Machine port 2150 <---------->port 22 SSH BOX <----> HTTP :80
| <- port 3500
Web Browser

Thanks again !


Last edited by uncle-c; 11-03-2007 at 09:08 AM.
Old 11-03-2007, 08:27 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984
OK, so the client port, 2150, is really irrelevant as far as you are concerned. That's simply the other end of the TCP connection to the remote host; at TCP level, it plays no visible part for you. When you do set up that tunnel port, the ssh client starts up a server connection on your local machine on a specified port. Assuming you're not an administrator on the client, that port has to be over 1024; outside of that, though, you can pick any port at all. So without reading too much into phrases like "client" and "server", in the strictest sense your ssh client is now "serving" port 3500. You then use that port as if it were the destination (as you know), so you have a second TCP session from another random local port, called an ephemeral port btw, as the "client" and local port 3500 as the "server" port. This connection is then accepted by ssh and handled however it sees fit.
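A plain-TCP model of the layout described in the reply above, added here as an illustration and not code from either poster: three loopback listeners stand in for Server A port 80, SSH Box port 22 and the forwarded local port 3500, with no SSH or encryption involved. The names `run_demo` and `read_line` and the one-line request and reply are assumptions made for the example.

```python
import socket
import threading

def read_line(sock):  # read one newline-terminated message
    with sock.makefile("rb") as f:
        return f.readline()

def run_demo():
    # Constructed loopback stand-ins: Server A :80, SSH Box :22, local port 3500.
    web, sshd, fwd = (socket.create_server(("127.0.0.1", 0)) for _ in range(3))
    # Connection 1: ssh client's ephemeral port (2150 in the thread) -> port 22.
    tunnel = socket.create_connection(sshd.getsockname())
    seen = {"tunnel_client": tunnel.getsockname()[1], "forward_listen": fwd.getsockname()[1]}

    def server_a():
        conn, peer = web.accept()
        with conn:
            seen["server_a_peer"] = peer[1]  # source port Server A would log
            read_line(conn)
            conn.sendall(b"hello from Server A\n")

    def ssh_box():
        inbound, _ = sshd.accept()
        with inbound, socket.create_connection(web.getsockname()) as out:
            seen["ssh_box_out"] = out.getsockname()[1]
            out.sendall(read_line(inbound))  # request arrives via the tunnel
            inbound.sendall(read_line(out))  # reply returns the same way

    def ssh_client():
        conn, peer = fwd.accept()            # the browser's connection
        with conn:
            seen["browser"] = peer[1]        # browser's own ephemeral port
            tunnel.sendall(read_line(conn))  # forwarded port -> existing tunnel
            conn.sendall(read_line(tunnel))  # tunnel -> back to the browser

    workers = [threading.Thread(target=f) for f in (server_a, ssh_box, ssh_client)]
    for w in workers:
        w.start()
    # Connection 2: browser's ephemeral port -> forwarded port, a separate session.
    with socket.create_connection(fwd.getsockname()) as browser:
        browser.sendall(b"GET /\n")
        reply = read_line(browser)
    for w in workers:
        w.join()
    for s in (tunnel, web, sshd, fwd):
        s.close()
    return reply, seen

if __name__ == "__main__":
    print(run_demo())
```

The returned dictionary shows that Server A's peer is the SSH Box's outbound socket, so Server A's logs attribute the request to the SSH Box rather than to the Local Machine.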


All times are GMT -5.