Wednesday, May 02, 2007

SSH Tunnels

SSH allows us to play some tricks with the local ports and enable ssh tunnels for port forwarding. This allows for some nifty tricks in restricted corporate environments, to access the real world wide web and nothing else ofcourse.

There is small nuance while configuring ssh tunnels. The tunnels are bound to the localhost:portnum. Now trying to access localhost_ip:portnum doesnt resolve to the same port (remember a port is always referred to as a combination of ip+portnum).

127.0.0.1:605 = localhost:605 != localhost_ip:605

This is because [ man ssh(1) ] while doing port forwarding

-L port:host:hostport
Specifies that the given port on the local (client) host
is to be forwarded to the given host and port on the
remote side. This works by allocating a socket to listen
to the port on the local side. Then, whenever a connec-
tion is made to this port, the connection is forwarded
over the secure channel and a connection is made to host
port hostport from the remote machine. Port forwardings
can also be specified in the configuration file...


Now what if you want to use the localhost_ip:port instead then [ man ssh(1) ]

-g
Allows remote hosts to connect to local forwarded ports.


Chillax... Have fun

1 comment:

vivek said...

Hi Allen,

Long time no see ! My active email id is vivek[A-T]security-freak[Dot]net . Btw i have started the videos site :D ... check it out at www.security-freak.net

Keep in touch !

Vivek