Introduction

Today we are going to experience the power of the SSH(Secure Shell) command. Yes Linux. I recently wrote an article on X11 forwarding that allows to map your local computer’s GUI to server where SSH is used underneath. It’s time for you read it if you haven’t. To understand the today’s topic let’s 1st look at what’s tunnelling that’s the foundation. In wikipedia tunnelling is defined as follows.

In computer networks, a tunneling protocol allows a network user to access or provide a network service that the underlying network does not support or provide directly. – wikipedia

SSH tunnelling can be created using three kinds of port forwarding mechanisms as mentioned below.

• Local port forwarding – Today’s topic
• Remote port forwarding
• Dynamic port forwarding

Local Port Forwarding via SSH

Today we are going to focus on local port forwarding. This can be used to access a network that is not accessible directly. Let’s take an example and see. The following image is used to elaborate the scenario.

• A -> Local Computer
• B -> Another Host – 192.168.6.162
• C -> Another Host – 10.42.128.6

Following assumptions are made to explain the scenario.

• A can’t access C directly.
• A can access only B and B can access C.
• C is running the service on port 8081 that needs to be access by A.
• Port 8081 is free on A.

Our goal is to figure out a way to access C from A. This can be achieved via our mighty SSH local port forwarding. What we are going to do is forward the traffic from A to B then B will forward the traffic to C. Below command will help us to get the work done.

sudo ssh user@remoteMiddleIP -L localPort:remoteIP:remotePort

The man page has a very good explanation about the above command.

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.

The command for the our scenario should be as follows.

sudo ssh username@192.168.6.162 -L 8081:10.42.128.6:8081

Above command tells that locally on the machine(A) listen to the port 8081 and every single connection that arrives at that port should be forwarded to the server 192.168.6.162. From there connections will be forward to 10.42.128.6.

Tips & Tricks

See the video below to understand what SSH can do for you. He discusses about all three port forwarding mechanisms and few more SSH tips and tricks. Also don’t forget to refer this link for more information.

So that’s it about local port forwarding. If you have any questions let me know in the comments below. Your feedback is highly appreciated(happy-face).