This page provides information about PortForwarding via SSH.


When talking about 'localhost', we see it as the localhost with reference to the remote host (server where we are connected to via SSH)

For the 'localhost'with reference to the computer where IT-Tool runs, we need to use '127.0.0.1'


A list of TCP and UDP port numbers per protocol can be checked via Wikipedia.

Information about Port Forwarding can also be obtained from the Ubuntu help


The following information is an extract from internet,  ssh tunnel - What is the difference between Local/Remote/Dynamic SSH tunneling? - Server Fault:

The machine, where the ssh tunnel command is typed (or Putty is started or IT-Tool runs) is called »your host«.


ForwardedPortLocal


Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.

ssh -L sourcePort:forwardToHost:onPort connectToHost means: connect with ssh to connectToHost, and forward all connection attempts to the local sourcePort to port onPort on the machine called forwardToHost, which can be reached from the connectToHost machine.




We would use the following instructions in IT-Tool:


'Create a SSH connection to the server

SSHConnect("remotehost", "remotehostUsername", "remotehostPassword", 22, 50, 10)


'Create a forwarded port. 'localhost' is relative to the SSH server

'127.0.0.1 is the localhost for the computer where IT-Tool runs on.

'So the server port 3307 is now connected to the local computer port 3337

SSHStartForwardedPort("127.0.0.1", 3337, "localhost", 3307)


The port 3307 would be available for connection to a MySQL database on the localhost of the remotehost..

IT-Tool now can make a connection via server 127.0.0.1, port 3337.




ForwardedPortRemote


Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.

ssh -R sourcePort:forwardToHost:onPort connectToHost means: connect with ssh to connectToHost, and forward all connection attempts to the remote sourcePort to port onPort on the machine called forwardToHost, which can be reached from your local machine.


This option is used less, but we can use it with SSHStartForwardedPort (only we have to set the optional variable AsRemote to true)



ForwardedPortDynamic


There is no example available for use with IT-Tool. It is made available, just in case.

Dynamic (option -D in SSH) is like Local but instead of forwarding to one and only one specific remotehost and port, SSH acts as a SOCKS proxy to the remotehost.

What does a Socks proxy do? It accepts all your requests and forwards it dynamically to the remote hosts and ports, that the original program wanted it to


If you want to tunnel your browser traffic (with Firefox for example), you do not only want to access ONE website (remotehost and port), but surf freely in the www. So you need a dynamic tunnel, a socks proxy.

On your computer (your host) you do:

ssh -D 5000 remotehost   # or the equivalent option "dynamic" with putty

Firefox traffic tunnelled

For this you can edit your Firefox configuration, so that your browser uses your socks proxy. Type in the Firefox address bar:

about:config

Now edit the following values:

network.proxy.socks             string localhost
network.proxy.socks_port        integer 5000
network.proxy.socks_remote_dns  boolean true
network.proxy.type              integer 1   (0 ist default)
media.peerconnection.enabled    boolean false (true ist default)

You can now surf in the internet without anybody at the strange place knowing what you do.



Created with the Personal Edition of HelpNDoc: Create cross-platform Qt Help files