Sunday, 25 January 2009
There are times you need to access a service or website that runs on a port that is blocked for public access. For example, you have a test site on your company computer running on port 8080, and it is not accessible from the public internet. If you have ssh access to that machine, or to any machine on that network, you can easily set up a tunnel to access that port.
This post explains how to set up a tunnel. It works on Mac OS X, Linux, FreeBSD, Cygwin, or any other OS with an ssh program.
Let's say you want to access a website on port 8080 on a machine that is behind a firewall, but you have ssh access to this machine. In this case you can do the following to access the website on port 8080:
> ssh -L 8080:localhost:8080 user@mycompany.com
Log in when you are prompted for your password. You will appear to have a typical ssh shell, but in addition you are running a tunnel. Now you can access the website by going to http://localhost:8080, which will really be going to http://mycompany.com:8080.
Let's say the website is running on a different machine than the one you have access to, but the one you have access to can reach port 8080 on it. In this case you can do the following to access the website on port 8080:
> ssh -L 8080:10.2.2.2:8080 user@mycompany.com
This will forward all traffic sent to port 8080 on your local machine to port 8080 on 10.2.2.2, so going to http://localhost:8080 would really be the same as going to http://10.2.2.2:8080.
In most cases the ssh session will time out after a certain period of inactivity. To prevent this I usually use a script that executes vmstat 20 on the remote machine. This gives the output of vmstat every 20 seconds and keeps the connection open. Here is a sample script I use to tunnel ports:
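#!/bin/sh
# Forward several local ports over one ssh session.
# Local ports below 1024 (993, 465, 587, 23) usually need root to bind.
# "vmstat 20" prints a line every 20 seconds, which keeps the session active.
ssh \
  -L 993:imap.gmail.com:993 \
  -L 465:smtp.gmail.com:465 \
  -L 587:smtp.gmail.com:587 \
  -L 23:localhost:22 \
  -L 3128:localhost:3128 \
  chad@linux.server.com vmstat 20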
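An alternative to running vmstat on the remote side, shown as an added example that is not part of the original post: the ssh client's own ServerAliveInterval keepalive combined with -N, so no remote command is needed. The function names normalize_forward and tunnel_command are hypothetical helpers, and the host and ports in the sample call are constructed from the post's placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.

# normalize_forward SPEC   (hypothetical helper)
# Accepts port:host:hostport, or the slash-separated port/host/hostport form,
# and prints 127.0.0.1:port:host:hostport so the listener is bound to
# loopback explicitly. Returns 1 on a malformed spec.
normalize_forward() {
    spec=$(printf '%s' "$1" | tr '/' ':')
    case $spec in *:*:*) ;; *) return 1 ;; esac
    lport=${spec%%:*}; rest=${spec#*:}
    host=${rest%%:*};  rport=${rest#*:}
    for p in "$lport" "$rport"; do
        # digits only, at most five of them, within 1..65535
        case $p in ''|*[!0-9]*|??????*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    case $host in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "$lport" -ge 1024 ] || echo "note: local port $lport usually needs root" >&2
    printf '127.0.0.1:%s:%s:%s\n' "$lport" "$host" "$rport"
}

# tunnel_command USER@HOST SPEC...   (hypothetical helper)
# Prints the ssh command line instead of running it, so it can be reviewed.
#   -N                       no remote command or shell, forwarding only
#   ServerAliveInterval=20   keepalive inside the encrypted channel every 20 s
#   ExitOnForwardFailure=yes exit if a local port cannot be bound
tunnel_command() {
    target=$1
    [ $# -ge 2 ] || return 1
    shift
    # refuse targets that ssh could parse as options or that carry metacharacters
    case $target in ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;; esac
    cmd="ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=20"
    for s in "$@"; do
        fwd=$(normalize_forward "$s") || { echo "bad forward: $s" >&2; return 1; }
        cmd="$cmd -L $fwd"
    done
    printf '%s %s\n' "$cmd" "$target"
}

# Constructed sample call using the post's placeholder host and ports.
tunnel_command user@mycompany.com 8080/10.2.2.2/8080 3128/localhost/3128
```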
Another place this comes in handy is when you are somewhere that blocks or limits web access. In this case you can set up a squid proxy server on your machine at home, then just open an ssh tunnel to your home machine and forward port 3128. Now set up your browser to use a proxy on localhost port 3128 and you will be surfing the web over ssh via your proxy. Nobody on the local network can monitor your web usage because it all goes through ssh.