SSH Tunnel
- Local, -NfL
- Remote, -NfR
- Dynamic, -NfD
Local
-L forwards a port on the local host to a port on the remote host by opening a listening socket on localhost.
On the local host: ssh -NfL local_port:remote_host:remote_port bridge_user@bridge_host
Then ssh -p local_port localhost connects to remote_host.
This assumes we can't access remote_host directly, but bridge_host can, and we can access bridge_host.
It works like a proxy.
For example, if we can't access imgur.com but example.com can:
ssh -L 9000:imgur.com:80 user@example.com
Then browsing to http://localhost:9000 takes us to imgur.com.
Root privileges are required for special (privileged) ports; the same applies to the modes below.
Remote
-R forwards a port on the remote host to a port on the local host by opening a listening socket on the remote host.
On the Remote host: ssh -NfR 1234:localhost:22 a.b.c.d
On the a.b.c.d host: ssh -p 1234 localhost
Assume a.b.c.d is the public host: through a.b.c.d, which you can access, you can reach the Remote host, which you can't connect to directly.
This is mostly used to reach an internal host across a firewall.
For example, a customer wants to see the dev web site running on your local host, and you have a public host example.com with SSH access. On the local host, run:
ssh -R 9000:localhost:3000 user@example.com
Note that by default SSH does not allow other hosts to use remotely forwarded ports: sshd binds them to the loopback address only. To change that, add GatewayPorts yes
to /etc/ssh/sshd_config,
the SSH server config file on the public host. Don't forget to restart the SSH service for it to take effect.
Then http://example.com:9000 will be accessible.
Dynamic
-D sets up dynamic port forwarding by opening a listening port on localhost.
ssh -NfD 7000 username@remote-host
Or use ssh -NfD 0.0.0.0:7000 username@remote-host
to listen on all interfaces so that other hosts can use the proxy.
Here port 7000 is the listening socket port on localhost. You can then use the SOCKS proxy by setting the browser's proxy IP to 127.0.0.1 and the port to 7000.
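An added example, not from the original notes: a shell function that reports whether the listening socket opened by a -L, -R or -D forward is reachable only from the listening host or also from other hosts, covering the GatewayPorts and 0.0.0.0 cases above. The function name forward_scope and its output words are hypothetical; it assumes the client's own GatewayPorts option is left at its default.

```shell
#!/bin/sh
# forward_scope FLAG SPEC [SERVER_GATEWAYPORTS]   (hypothetical helper)
# Prints who can reach the listening socket that an ssh forward opens:
#   loopback  only processes on the listening host itself
#   exposed   other hosts that can reach that host on the port
# FLAG is -L, -R or -D and SPEC is its argument as typed. Bracketed IPv6
# bind addresses are not handled. SERVER_GATEWAYPORTS is the sshd_config
# value (no | yes | clientspecified, default no) and only affects -R.
# Assumption: the client's own GatewayPorts option is at its default (no).
forward_scope() (
    flag=$1; spec=$2; gw=${3:-no}

    # Count colon-separated fields to tell whether a bind address was given.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c)
    nfields=$(($colons + 1))
    case $flag in
        -D)    base=1 ;;          # [bind_address:]port
        -L|-R) base=3 ;;          # [bind_address:]port:host:hostport
        *)     echo unknown; exit 2 ;;
    esac
    if [ "$nfields" -eq "$base" ]; then
        bind=localhost            # no bind address: ssh defaults to loopback
    elif [ "$nfields" -eq $(($base + 1)) ]; then
        bind=${spec%%:*}          # text before the first colon, may be empty
    else
        echo unknown; exit 2
    fi

    # For -R the listener is on the server, and sshd's GatewayPorts decides.
    if [ "$flag" = "-R" ]; then
        case $gw in
            no)  bind=localhost ;;    # sshd forces loopback
            yes) bind='*' ;;          # sshd forces the wildcard address
            clientspecified) ;;       # sshd honours the client's choice
            *)   echo unknown; exit 2 ;;
        esac
    fi

    case "$bind" in
        localhost|127.*) echo loopback ;;
        *)               echo exposed ;;  # empty, *, 0.0.0.0 or an interface address
    esac
)
```

For example, forward_scope -D 0.0.0.0:7000 prints exposed, while forward_scope -R 9000:localhost:3000 no prints loopback.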
ref:
http://blog.creke.net/722.html