1)These Port Forwarding Technique Permit to communicate external Predetermine Network Port(routing).
2)ssh tunneling is encapsulate the network protocol to another protocol.
Use service like HTTP,VNC, FTP.SMTP, IMAP, POP, LDAP.
Advantage :
1) Without having the root privilege to forward the port using ssh.
2)Take the service for non rout able IP via SSH tunneling.
Disadvantage :
1)For each service we have to set the separate port number.
1)Dynamic Port Forwarding (SSH -D) we have to specify the Socky proxy in Browser.
2)Local Port Forwarding (SSH -L) there is no need to specify the proxy, Instead we have to specify the Port number in IP like localhost:7000
root@10.0.0.1#ssh -L 7000:localhost:80 10.0.0.2
NOTE 1: Port Forwarding it is just Forward PORT not IP address so while access we have to use host name as localhost(or)127.0.0.1 specify the port number.
Note 2: Port 7000 is bind at the client side, So what are the request sent to the port 7000 -> ssh client -> forward to the ssh server 20.0.0.3:5900.
3)Remote Port Forwarding : Mainly it is not used, it is little bit confuse, connections from the SSH server are forwarded via the SSH client, then to a destination server(reverse to the Local Forwarding) .
Usage : From the client machine access service.
Windows Port Forwarding Using PUTTY: we have to use the putty software. In SSH-> Tunnel we have to specify
a) Source Port
b) Destination IP : Destination Service Port number.
Like : http://www.walkernews.net/wp-content/uploads/2007/07/vista-ssh-port-forwarding.JPG
SSH Tunneling Example
1)#ssh -L 7001:192.168.102.XXX:80 user@202.41.64.XXX (Port Forwarding HTTP Web Browser) To view #http://localhost:7001/
2)#ssh -L 7000:192.168.103.XXX:5900 user@202.41.64.XXX (Port Forwarding the VNCVIEWER). To View #vncviewer localhost:7000:1
SSH PORT FORWARDING ERROR MESSAGE.
Getting Error Message : channel 3: open failed: connect failed: No route to host
Suggestion
Try to connect port with telnet to check whether is able to connect or not.
$ telnet localhost 7000
2)ssh tunneling is encapsulate the network protocol to another protocol.
Use service like HTTP,VNC, FTP.SMTP, IMAP, POP, LDAP.
Advantage :
1) Without having the root privilege to forward the port using ssh.
2)Take the service for non rout able IP via SSH tunneling.
Disadvantage :
1)For each service we have to set the separate port number.
1)Dynamic Port Forwarding (SSH -D) we have to specify the Socky proxy in Browser.
2)Local Port Forwarding (SSH -L) there is no need to specify the proxy, Instead we have to specify the Port number in IP like localhost:7000
root@10.0.0.1#ssh -L 7000:localhost:80 10.0.0.2
SYNTAX :Host1#ssh -L (host1-specifed by user):Host3-IP-ADDRESS:(host3-Service Port) Host2-IPADDRESS
root@10.0.0.1#ssh -L 7000:20.0.0.3:5900 10.0.0.2
HOST1-->HOST2-->HOST3
NOTE: 7000 Port is specified by user
5900 Port is vncservice port
Scenario 1) we are connecting from 10.0.0.1 via 10.0.0.2 to 20.0.0.3, taking service for non rout-able IP.root@10.0.0.1#ssh -L 7000:20.0.0.3:5900 10.0.0.2
HOST1-->HOST2-->HOST3
NOTE: 7000 Port is specified by user
5900 Port is vncservice port
NOTE 1: Port Forwarding it is just Forward PORT not IP address so while access we have to use host name as localhost(or)127.0.0.1 specify the port number.
Note 2: Port 7000 is bind at the client side, So what are the request sent to the port 7000 -> ssh client -> forward to the ssh server 20.0.0.3:5900.
3)Remote Port Forwarding : Mainly it is not used, it is little bit confuse, connections from the SSH server are forwarded via the SSH client, then to a destination server(reverse to the Local Forwarding) .
Usage : From the client machine access service.
Windows Port Forwarding Using PUTTY: we have to use the putty software. In SSH-> Tunnel we have to specify
a) Source Port
b) Destination IP : Destination Service Port number.
Like : http://www.walkernews.net/wp-content/uploads/2007/07/vista-ssh-port-forwarding.JPG
SSH Tunneling Verification
# w | grep "ssh -L" [ SSH Server SIDE]
root pts/14 :1.0 12:27 4:47 0.34s 0.31s ssh -L 7000:192
# netstat -tulpn | grep Port-Number [ Here Port number is 7000]
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN 27080/ssh
HOST1#netstat -tulpn | grep 7000
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN 7651/ssh
tcp 0 0 ::1:7000 :::* LISTEN 7651/ssh
HOST3:# netstat -tulpn | grep 5900
tcp 0 0 :::5900 :::* LISTEN 35277/vino-server
# w | grep "ssh -L" [ SSH Server SIDE]
root pts/14 :1.0 12:27 4:47 0.34s 0.31s ssh -L 7000:192
# netstat -tulpn | grep Port-Number [ Here Port number is 7000]
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN 27080/ssh
HOST1#netstat -tulpn | grep 7000
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN 7651/ssh
tcp 0 0 ::1:7000 :::* LISTEN 7651/ssh
HOST3:# netstat -tulpn | grep 5900
tcp 0 0 :::5900 :::* LISTEN 35277/vino-server
SSH Tunneling Example
1)#ssh -L 7001:192.168.102.XXX:80 user@202.41.64.XXX (Port Forwarding HTTP Web Browser) To view #http://localhost:7001/
2)#ssh -L 7000:192.168.103.XXX:5900 user@202.41.64.XXX (Port Forwarding the VNCVIEWER). To View #vncviewer localhost:7000:1
SSH PORT FORWARDING ERROR MESSAGE.
Getting Error Message : channel 3: open failed: connect failed: No route to host
Suggestion
Try to connect port with telnet to check whether is able to connect or not.
$ telnet localhost 7000
0 Comments