12-17-2006, 04:15 AM
|
#1
|
Member
Registered: Sep 2003
Location: Virginia
Distribution: Slackware, CentOS, Red Hat
Posts: 48
Rep:
|
Understanding port forwarding
I have an application that gave a sample of the ssh command to run on the client to connect to the server. Before finding this I looked in the man pages and what I got out of it was this
Code:
ssh -f -N -L port:localhost:port-forward serverhost
but this program has
Code:
ssh -f -N -L port:serverhost:port-forward serverhost
I was trying to capture the packets and it looks like everything is being encrypted, but I would like to understand port forwarding a little better. When I tried to set it up with the localhost it couldn't connect.
I appreciate any answers
Pete
Last edited by DIGITAL39; 12-17-2006 at 04:16 AM.
|
|
|
12-17-2006, 09:27 AM
|
#2
|
Member
Registered: Jan 2003
Distribution: Slackware
Posts: 82
Rep:
|
The -L flag is for making ssh forward a connection to some port on the client to the server, from which it goes to some remote port and address.
For example, if you are on boxA and type "ssh boxB -L 8080:boxC:80", then data sent to boxA:8080 will be forwarded by ssh to the server on boxB, which will then open a connection from boxB to boxC:80. boxC can of course be the same as boxB or even boxA.
For security, ssh by default only binds the local port (8080 on boxA) to localhost. That is, someone on boxD can't connect to that tunnel. The optional bind address is for overriding this by choosing which of the local interfaces to bind on.
Compare this with -R, which is sort of the opposite: it opens a port on the remote server that forwards to a port on the local client. There's also the -D option for setting up a SOCKS server forwarding connections dynamically from the client to remote.
|
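The `-L` semantics described in post #2, as an added example that is not part of any poster's message: a shell function that takes a forwarding spec and reports where the client listens, who can reach that listener, and which machine opens the final connection. The function name `explain_forward` and its output format are made up for this illustration; it assumes the client default `GatewayPorts no` and rejects bracketed IPv6 literals.

```shell
#!/bin/sh
# Added example, not from the thread: explain an ssh -L forwarding spec of the
# form [bind_address:]port:host:hostport (syntax as documented in ssh(1)).
# Assumptions: client default GatewayPorts=no; bracketed IPv6 literals rejected.
# Usage: explain_forward SPEC SSH_SERVER
explain_forward() {
    ef_spec=$1; ef_server=$2
    case $ef_spec in
        *'['*|*']'*) echo "bracketed IPv6 literals are not handled" >&2; return 2 ;;
    esac
    # 2 colons = port:host:hostport, 3 colons = bind address given (may be empty).
    ef_n=$(( $(printf '%s' "$ef_spec" | tr -cd ':' | wc -c) ))
    case $ef_n in
        2|3) ;;
        *) echo "expected [bind_address:]port:host:hostport" >&2; return 2 ;;
    esac
    # Peel fields off the right-hand side so an empty bind address survives.
    ef_hostport=${ef_spec##*:}; ef_rest=${ef_spec%:*}
    ef_host=${ef_rest##*:};     ef_rest=${ef_rest%:*}
    ef_port=${ef_rest##*:}
    for ef_p in "$ef_port" "$ef_hostport"; do
        case $ef_p in ''|*[!0-9]*) echo "ports must be numeric" >&2; return 2 ;; esac
    done
    [ -n "$ef_host" ] || { echo "destination host is empty" >&2; return 2; }
    # Who can reach the listening port on the client?
    if [ "$ef_n" -eq 2 ]; then
        ef_listen="localhost:$ef_port"; ef_scope=loopback-only
    else
        ef_bind=${ef_rest%:*}
        case $ef_bind in
            localhost|127.0.0.1) ef_listen="localhost:$ef_port"; ef_scope=loopback-only ;;
            ''|'*') ef_listen="*:$ef_port"; ef_scope=all-interfaces ;;
            *) ef_listen="$ef_bind:$ef_port"; ef_scope=one-interface ;;
        esac
    fi
    # "host" is resolved by the SSH server, so localhost means the server itself.
    case $ef_host in
        localhost|127.0.0.1) ef_target="$ef_server(loopback):$ef_hostport" ;;
        *) ef_target="$ef_host:$ef_hostport" ;;
    esac
    echo "listen=$ef_listen scope=$ef_scope via=$ef_server target=$ef_target"
}

# Constructed sample specs using the host names from post #2.
explain_forward '8080:boxC:80' boxB
explain_forward '8080:localhost:80' boxB
explain_forward '*:8080:boxC:80' boxB
```

A `scope` of `all-interfaces` or `one-interface` means other machines on the client's network can use the tunnel, which is the case to review before leaving a forward running with `-f -N`.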
|
|
12-17-2006, 11:52 AM
|
#3
|
Member
Registered: Sep 2003
Location: Virginia
Distribution: Slackware, CentOS, Red Hat
Posts: 48
Original Poster
Rep:
|
Good information
I found out what my problem was: I misread the man pages. I understood that it took the port and forwarded it, but I was reading that it said it should be localhost, which was incorrect. So I am sorry for a wasted topic, but solnul, you taught me something new about the binding on 8080.
Thanks
|
|
|
12-18-2006, 11:28 AM
|
#4
|
Member
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777
Rep:
|
EDIT: Sorry, this was an inappropriate post in the earlier state. I couldn't achieve it the way I said it to you. The methodology I had suggested has a secure tunnel restricted to localhost only, and yes, in its present state either I've got to port forward with iptables or a direct connection needs to be established to an SSH server beyond the scope of my ISP.
Regards..
Last edited by amitsharma_26; 12-18-2006 at 03:38 PM.
|
|
|
12-18-2006, 12:57 PM
|
#5
|
Member
Registered: Sep 2003
Location: Virginia
Distribution: Slackware, CentOS, Red Hat
Posts: 48
Original Poster
Rep:
|
Quote:
I use the second way to encrypt my packets whenever i access net via some global anonymous proxy.
|
How do you do that? I understand setting up an ssh server locally and tunneling to that, but if you are encrypting the information, how is the proxy going to read it, or am I thinking of this in the wrong way? Sorry for not understanding; I am just new to this.
|
|
|
All times are GMT -5.