have been tangled up in what is Port forwarding, now write down your own understanding, and experiment with local ports, remote port forwarding
SSH (Secure shell, Security shell Protocol), The transfer of data on the SSH channel is encrypted, and each SSH connection performs a fingerprint check to confirm that the user is connected to the correct remote host, and if the data in the other protocol is forwarded over the SSH port, the SSH connection is the channel (tunnel) that is transmitted as the other protocol. This approach is also called SSH port forwarding or SSH tunneling.
Function: Encrypt data transfer, break firewall limit
Category: Local forwarding, remote forwarding, dynamic forwarding
One, local port forwarding
local forwarding in local refers to the local port forwarding to a port to another host, so that when our program connects to the local port, actually indirectly connected to a port on another host, When we send the packet to this port, the packet is automatically forwarded to the remote port.
Command syntax:ssh-l [Bind-address:]port:host:hostport server_address
Explanation: bind_address represents the IP (bound address) of the local host, which is for the system has more than one NIC, does not specify the default is 127.0.0.1
PORT: Local host Specifies the ports to listen on
Host: IP for remote host
Hostport: Specifies the port of the remote host, if the remote host is HTTP, is 80,ftp (21) ...
Server_address: The IP of the remote host, or another IP that can be accessed to the remote host (which we understand through experimentation)
There are several additional parameters to know:
-L: Specifies that the specified port on the local (client) host is forwarded to a given remote host and port
-N: Do not execute remote instruction
-F: Performed in the background
Experiment: Host A (192.168.31.100), Host B (192.168.31.150), Host C (192.168.31.163) three hosts
A, B, C can all be connected to each other
Execute command on Host A: # ssh-nf-l 192.168.31.100:7900:192.168.31.163:22 192.168.31.150
It is important to note that in this case we have selected 7900 port as the local listening port, when selecting the port number to note that the non-administrator account is not authorized to bind 1-1023 port, so generally choose a 1024-65535 and unused port number.
When we finish this command, we find that the terminal is unresponsive, because it is executed in the background, how do we know if port forwarding is turned on?
netstat-nt: List ports for TCP network data
NETSTAT-NTLP: List The network connection ports and PID that the system is listening on
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5B/66/wKioL1UIPAyCPiOxAANP64rkxog089.jpg "title=" QQ picture 20150314151110.png "Width=" "height=" 307 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:750PX;HEIGHT:307PX; " alt= "Wkiol1uipaycpioxaanp64rkxog089.jpg"/>
We found that host A's 7900 port has been monitored, is ssh (SSH is the customer service side) monitoring, and 192.168.31.150 (Host B) to establish an SSH tunnel, and we know that Host B and host C is capable of communication, we can access through host a port, in fact, is indirectly with Host B in Access, in order to effect we can use host C access to host A: (-P: is the specified remote port)
Execute on Host C: SSH 192.168.31.100-p 7900 (if there is no tunnel before, host C login Host A, the IP of the login must be host C IP, after the tunnel, through host a port and Host B tunnel, is host B in the login IP)
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/5B/6C/wKiom1UIRB3T1G7FAAK_ryI12JY748.jpg "title=" QQ picture 20150314151110.png "width=" 780 "height=" 231 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:780px;height:231px; " alt= "Wkiom1uirb3t1g7faak_ryi12jy748.jpg"/>
Above we speak of command syntax:ssh-l [Bind-address:]port:host:hostport server_address
Server_address can be different from host, or it can be the same
# ssh-nf-l 192.168.31.100 : 7900 : 192.168.31.163 : A 192.168.31.163
The above means that "192.168.31.100" and "192.168.31.163" establish an SSH tunnel,
As long as it is accessed by 192.168.31.100 the "port" of this host, it is equivalent to 192.168.31.163 the host is accessing
Experiment Two: Host C (192.168.31.163) does not allow host a access, but allows Host B access, through the SSH tunnel to achieve a access C
Build the environment: on Host C in order to not allow host a access, you can add a line in the/etc/hosts.deny configuration file: "sshd:192.168.31.100", plus the IP of host a can 650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M00/5B/67/wKioL1UIVrTD9YhWAACV5wBYp-0627.jpg "title=" qq picture 20150314151110.png "alt=" Wkiol1uivrtd9yhwaacv5wbyp-0627.jpg "/> the connection has been closed
Environment set up, we do on host a: ssh-nf-l 192.168.31.100:9000:192.168.31.163: 22 192.168.31.163
Tunnel has, we are denied access to host A on the execution: Ssh-p 9000 192.168.31.100 (meaning to connect host a 9000 port, and 9000 port and Host B is connected to a tunnel, when using host A's 9000 port access, is the Host B access, So host A is forbidden to access it anyway)
Finally, you need to be reminded that if you want to close an SSH tunnel, you can kill the related process with kill, and the specified connection will be closed when the tunnel is closed.
Second, remote port forwarding can be implemented to access the intranet
SSH Remote port forwarding:
Remote forwarding is similar to local, but the difference is that local forwarding is a port specified on the local host, and remote forwarding is a port that is specified on a remote host to forward connections to that port to the local port. Essentially, the difference is whether the port that needs to be forwarded is on the remote host or the local host mountain.
However, the command options used by remote forwarding are also different:
Ssh-r [Bind-address:]post:host:hostport server_address
It is important to note that:
BIND-ADDRESS specifies a remote host IP, not a native
PORT: Remote host Specifies the ports to listen on
Host: The hosts you need to access
Hostport: Specifies the port of the host being accessed
Server_address: remote host and who? Established the tunnel, specifying who
We all know the intranet through the router (SNAT) can access the external network, the outside network is inaccessible to the intranet, we use SSH to achieve access to the intranet, to build this environment, I first think of the VMware NAT mode, I set host C NAT mode
Host a:192.168.31.100 (External network)
Host b:192.168.31.150 (External network)
Host c:192.168.200.133 (intranet)
Execute command on Host C: Ssh-nf-r 192.168.31.150:9000:192.168.200.133:22 192.168.31.150
Netstat-nt:
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5B/6D/wKiom1UIZ-KwaYHRAAESbIS9Jog454.jpg "title=" QQ picture 20150314151110.png "alt=" wkiom1uiz-kwayhraaesbis9jog454.jpg "/> Host C has established a tunnel with 192.168.31.150 (Host B)
At this point you do NETSTAT-NTLP on host C and there is no listening on the 9000 port, because you are on the other side of the host open a port, you need to perform NETSTAT-NTLP on Host B :
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5B/67/wKioL1UIaZmwEFpuAAG395uWnjI642.jpg "title=" QQ picture 20150314151110.png "width=" 780 "height=" 197 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:780PX;HEIGHT:197PX; " alt= "Wkiol1uiazmwefpuaag395uwnji642.jpg"/>
What do you mean, we found out, 127.0.0.1:9000? This refers to the machine, and does not arbitrarily specify an IP, so too dangerous, the back becomes sshd monitoring, is the SSH server, so we also called reverse tunnel.
On the external network Host B: Ssh-p 9000 127.0.0.1
The main no longer is SSH-P 9000 192.168.31.150, complete
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5B/6D/wKiom1UIbWrgWnbFAAMqHYooLYg837.jpg "title=" QQ picture 20150314151110.png "alt=" Wkiom1uibwrgwnbfaamqhyoolyg837.jpg "/>
This article is from "Xiao Xu" blog, please be sure to keep this source http://loopholes.blog.51cto.com/9445813/1621786
Understanding of SSH port forwarding (elite)