LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-17-2006, 04:15 AM   #1
DIGITAL39
Member
 
Registered: Sep 2003
Location: Virginia
Distribution: Slackware, CentOS, Red Hat
Posts: 48

Rep: Reputation: 15
Understanding port forwarding


I have an application that gave a sample of the ssh command to run on the client to connect to the server. Before finding this I looked in the man pages and what I got out of it was this

Code:
ssh -f -N -L port:localhost:port-forward serverhost
but this program has

Code:
ssh -f -N -L port:serverhost:port-forward serverhost
I was trying to capture that packets and it looks like everything is being encrypted, but I would like to understand port forwarding a little better. When I tried to set it up with the localhost it couldnt connect.

I appreciate any answers

Pete

Last edited by DIGITAL39; 12-17-2006 at 04:16 AM.
 
Old 12-17-2006, 09:27 AM   #2
solnul
Member
 
Registered: Jan 2003
Distribution: Slackware
Posts: 82

Rep: Reputation: 15
The -L flag is for making ssh forward a connection to some port on the client to the server, from which it goes to some remote port and address.

For example, if you are on boxA and type "ssh boxB -L 8080:boxC:80", then data sent to boxA:8080 will be forwarded by ssh to the server on bobB, which will then open a connection from boxB to boxC:80. boxC can of course be the same as boxB or even boxA.

For security, ssh by default only binds the local port (8080 on boxA) to localhost. That is, someone on boxD can't connect to that tunnel. The optional bind address is for overriding this by choosing which of the local interfaces to bind on.

Compare this with -R, which is sort of the opposite: it opens a port on the remote server that forwards to a port on the local client. There's also the -D option for setting up a SOCKS server forwarding connections dynamically from the client to remote.
 
Old 12-17-2006, 11:52 AM   #3
DIGITAL39
Member
 
Registered: Sep 2003
Location: Virginia
Distribution: Slackware, CentOS, Red Hat
Posts: 48

Original Poster
Rep: Reputation: 15
Good information

I found out what my problem was, I misread the man pages. I understood that it took the port and forwarded it, but I was reading that it said it should be localhost, which was incorrect. So I am sorry for a wasted topic, but solnul you taught me something new about the binding on 8080

Thanks
 
Old 12-18-2006, 11:28 AM   #4
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
EDIT : Sorry, this was an inappropriate post in the earlier state. I could'nt achieve it the way i said it to you. The methodology i had suggested has a secure tunnel restricted to localhost only & yes in its present state either i got to port forward with iptables or a direct connection needs to be established to any of a ssh server beyond the scope of my isp.

Regards..

Last edited by amitsharma_26; 12-18-2006 at 03:38 PM.
 
Old 12-18-2006, 12:57 PM   #5
DIGITAL39
Member
 
Registered: Sep 2003
Location: Virginia
Distribution: Slackware, CentOS, Red Hat
Posts: 48

Original Poster
Rep: Reputation: 15
Quote:
I use the second way to encrypt my packets whenever i access net via some global anonymous proxy.
How do you do that? I understand setting up a ssh server locally and tunneling to that, but if you are encrypting the information how is the proxy going to read it or am I think of this in the wrong way. Sorry for not understanding I am just new to this.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 08:35 PM
Understanding Kernel Patch and port it forward kushalkoolwal Linux - Kernel 3 06-14-2006 06:19 AM
Simple Port Forwarding Firewall - not forwarding MadTurki Linux - Security 14 04-09-2006 01:08 PM
Port 80 forwarding to port 22 with iptables zahoo Linux - Networking 3 02-22-2005 08:22 AM
port forwarding and packet forwarding syrtsardo Linux - Newbie 2 07-03-2003 11:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration