SSH port forwarding, first reprint, the last personal experience

SSH Port forwarding is divided into two types, one is local port forwarding, also known as the local ssh tunnel. is always remote port forwarding. SSH Port forwarding, you must also specify the destination host for the data transfer, thus forming a point-to-point port forwarding.

Local Port forwarding

assume that there are three hosts a,B,C. For a variety of reasons ( whether it is a firewall or a routing cause ), there is no connection between theAC two hosts. But B can connect with AandC . At this point, you can use local port forwarding to achieve A and C through B to connect.

A 192.168.7.27

B 192.168.6.19

C 192.168.30.68

6 Network segment and 7 network segment, the network segment are all connected, but 7 network segment and network segment is not through, now need to access from 7 network segment of a Web Services, which can be implemented via local port forwarding. First, make sure that the SSH service of aandB turns on allow forwarding:gatewayports yes,allowtcpforwarding Yes

Execute the following command on a :

Ssh-l test-l 192.168.7.27:59000:192.168.30.68:80 192.168.6.19

There are four values separated by colons after the parameter- l , which are ' Local address : Local port : target host : destination host port '. The meaning of this command is to specify SSH to bind the 59000 Port of the 192.168.7.27 , and then specify 192.168.6.19 to forward all the data to the target host The port of 192.168.30.68 .

So, as long as we connect the 59000 Port of a local address on a , it is equal to the port of 192.168.30.68 .

Curl Http://192.168.7.27:59000/

This local port forwarding is suitable for a is the Enterprise LAN machine,B,C are on the WAN has a separate public network IP machine, but the enterprise's firewall blocked a and c Direct communication, but allows a and b communication, so that a can communicate through B and C .

Remote port forwarding

assume that there are three hosts a,B,C. A is the enterprise intranet machine,B is a company with a private network IP and public network IP server ( similar gateway ),C is a server with public IP on the Internet ,a can be directly connected to C,B can directly connect a ( network ), can also be directly connected to the C ( public ), but because a in the network, so C can not directly connect A, But C can be connected by B to A.

A 10.1.6.234

B 114.80.130.88/10.1.10.1

C 119.75.218.77

Execute the following command on B :

Ssh-l taomee-p 58000-r 10.1.10.1:59000:10.1.6.234:80 119.75.218.77

Execute the following command on C :

Curl http://10.1.6.234

======================================================

Reprint Source Address: http://my.oschina.net/guol/blog/115235

=======================================================

My situation is there is a and b between a dedicated line/VPN, you can access each other intranet Ip,c is the Amazon Rds,b and C has a VPN, can be intranet IP access, but a can not access C, now a to access C, B as the agent to do local port forwarding

Final personal command: (running on the agent machine)

Ssh-l root-l 0.0.0.0:3306:mysql:3306 10.3.211.226

Root is the user name of logon agent machine B

The 3306 port of the 0.0.0.0:3306 Access Agent machine is forwarded to C

MySQL is not accessible to the database C

10.3.211.226 is the IP of agent machine B

SSH port forwarding, first reprint, the last personal experience