What is Tunneling?
- Tunneling is a type of communication between two applications, mostly TCP/IP applications, that talk to each other using an SSH connection.
- It is also known as SSH Port forwarding.
- In Simple terms, it routes the local network traffic through SSH to the remote hosts.
When to use Tunneling?
- We can use Tunneling to secure the communications between different applications that aren’t secure.
To access geo-restricted content or bypassing intermediate firewalls.
Types of Tunneling/Port forwarding
There are three types of port forwarding with SSH:
1. Local Port Forwarding
- We can perform Local port forwarding with the help of -L parameter.
- With the help of local port forwarding we can forward a connection from the client host to the SSH server host and then finally to the destination host port.
Syntax: ssh -L SourcePort:ForwardToHost:DestinationPort SshSserverhost
Let’s assume we have an Oracle database server running on machine “db123.host” on a private network, on port 3421 which can be accessed from the machine mach123.host and we want to connect using our local machine oracle client to the database server. To do so we can forward the connection as done below:
$ ssh -L 3331:db123.host:3421 firstname.lastname@example.org
2. Remote Port Forwarding
- Remote port forwarding allows users to connect from remote machines to the local computer.
- It is not allowed in ssh by default. To enable it we have to edit SSHD configuration file /etc/ssh/sshd_config on the remote host.
$ sudo vim/etc/ssh/sshd_config
Now look for GatewayPorts and then uncomment it and set it to yes.Now restart sshd to apply the recent change you made by below Command:
$ sudo systemctl restart sshd
Syntax: ssh -R RemotePort:localhost:LocalPort SSHServerHostname
Let’s assume that you are inside the remote server 126.96.36.199. In below command we are redirecting any connections directed at port 8080 to the local machine listening on port 5534. You can configure Remote Port Forwarding by the below command :
ssh –R 8080:localhost:5534 188.8.131.52
3. Dynamic Port Forwarding
- Dynamic port forwarding is not very common .
- Many people find it easier to use local port forwarding to achieve similar results.
- It allows communication with a single port.
- Note: Dynamic port forwarding sets up our machine as SOCKS proxy server which listens on port 1080, by default.
We can create a Socks proxy server by using ssh command with -D as an argument.
Syntax: ssh –D LocalPort SshServerHostname
In the below command, we have asked to open a local port 6430 on the localhost, which will direct all the requests to that port to the remote host (184.108.40.206).
ssh –D 6430 220.127.116.11
In this blog we have looked into SSH port forwarding and its three different types. We also discussed the various commands that are used to perform SSH port forwarding/Tunneling.