Tips Server ssh forward reverse proxy

　　　　

1. ssh [email protected]115.28. 87.102
(Connect to a remote host directly using SSH instead of using http,ftp to connect to a specific remote host)
Exit and Logout close connection exit

2.left-connection (left connection forward connection)

  2  :server_ip ( Server that end can access IP address a): Server_port (Port of a)  3  Login Server user name @ server ip-p server_port ( Port default for server ssh: 22)  5  has a default value so you can do without-p additional server IP can also be replaced with the domain name as the HTTP protocol 

Specific explanations:
My IP is within the LAN of a router 192.168.1.104 open a port 7900 locally and then left-connect the server http://test.conglinnet.com/(this Web site on the server IP 115.28.87.102)
At this time and I on the same LAN, such as 192.168.1.106 in the local browser type 192.168.1.104:7900 will open the http://test.conglinnet.com/Web page

ssh-l 192.168.1.104:7900:test.conglinnet.com:80 [email protected]

At this point, all requests destined for the 192.168.104:7900 port will be sent through Port 7900 on 192.168.1.104 via the specified port on the SSH remote host (115.18.87.102) to which it is connected.

Meanwhile the requested response will also be returned to my 7900 port when someone else accesses my 7900 port to see the data on the current 7900 port

So obviously this is going to happen. The remote host does not know which device the request is actually sent behind my 7900 port
Support FTP via 7900 port SSH, ssh,http, etc. but does not seem to support VPN, because the GRE protocol is not supported

Bottom line: Mirror the server-accessible machine address and port (and, of course, the server itself) to the client's port

right-connection-Right Connection Reverse connection

1 ssh-r server_ip (can be omitted, omitted is the default value 127.0.0.1): server_port:2        client_ip ( IP address that can be accessed by client side D): Client_port (d accessible port)  3          Login server username @ server IP-p [Server SSH service port (default)]4                      

Specific explanations:
I have a personal PC or I bought a powerful computer to do a server on the Web Unfortunately, a fixed IP on the global Internet, a limited number of IP addresses that can be accessed by anyone, and the market is now relatively tight
But I got one, and I want to map this PC to the address that I can access, so the resources are on my local, anyone can access it on the Internet, and it comes to me to request

(or forward the request to my PC), I return the response to it, it will respond to the data to the requesting person.

Ssh-r test.conglinnet.com:8999:192.168.1.104:9000 [email protected]

The situation at this time is that anyone accessing http://test.conglinnet.com:8999 will actually transfer the request to port 9000 on my native (192.168.1.104) in a local area network, and I have a Web server on port 9000

Note

Of course, there will be some other differences in implementation, here is just a description of the principle of ssh. Normally, you might actually do it again. Port forwarding
80 ports on the server are forwarded to 8999, and then anyone can access http://test.conglinnet.com directly.

There are actually fixed IP and domain name, one of the most obvious difference is that a fixed IP will usually have n domain names, or more waste IPv4 limited fixed IP

A word of emphasis: mirror the machine address and port (including the client itself) to the server's port, which the client can access

As it seems, communication between applications seems to be the communication between the ports.

　　　　

Other common SSH fragments
ssh-d client_port Login Server user name @server_ip
At this time, Firefox or IE in the SOCKS agent monitoring this machine that client_port is OK

ssh-v-R 0.0.0.0:8999:0.0.0.0:9000 [email protected] // also commonly used 0.0.0.0来 listen to all addresses, worry.

Other common parameters of SSH
-Q silent operation, even if the error is not prompted
-F Run in background
-C compression, when the bandwidth is poor compression will be faster, otherwise it will be slower
-I xxx.file provides direct authentication of public key files
-l Specifies the user name, which is actually the one written in front of the @.

Tips Server ssh forward reverse proxy