Jan 04 2009

ssh remote port forwarding

Category: 技术ssmax @ 22:19:31

     -R [bind_address:]port:host:hostport
             Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.  This works by allocat-
             ing a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure
             channel, and a connection is made to host port hostport from the local machine.

             Port forwardings can also be specified in the configuration file.  Privileged ports can be forwarded only when logging in as root on the remote
             machine.  IPv6 addresses can be specified by enclosing the address in square braces or using an alternative syntax:

             By default, the listening socket on the server will be bound to the loopback interface only.  This may be overriden by specifying a bind_address.
             An empty bind_address, or the address ‘*’, indicates that the remote socket should listen on all interfaces.  Specifying a remote bind_address will
             only succeed if the server’s GatewayPorts option is enabled (see sshd_config(5)).


上面是man ssh的说明,其实就是一个通道

client> ssh user@proxy.org 54321:localhost:54321

这样子发到 proxy.org 的54321 端口的请求 就会通过通道发送到 client机的54321端口,完成端口转发,但是要注意几个方面

proxy.org  上面的sshd设置,必须打开 GatewayPorts yes,否则proxy.org 只会监听 的 54321端口,也就是设备lo的端口。

另外一个就是在windows下面用客户端连接proxy.org ,也能实现remote port forwarding,但是我在securecrt新旧版本上面死活没有试验成功,全部都没有转发过来,但是在putty上面一下子就ok了,不知道是不是securtcrt的问题,懒得再去研究了,嘿嘿。


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.