You may already know how networks work and that each device on a network has an IP address. There are two types of IP addresses: public and private. Public IP addresses are reachable from anywhere in the world, while private addresses, such as 192.168.x.x or 10.0.x.x, are used in internal networks. In order to receive information from the Internet, data requests are exchanged with either a public IP address owned by the router or a private IP address corresponding to the address of the computer or any other device connected to the network.
This article will teach you how to create an SSH Tunnel or Port Forward in a Linux VPS server.
How to create an SSH Tunnel or Port Forward in Linux
An SSH tunnel (also known as SSH port forwarding) routes local network traffic through SSH to remote hosts. This way all your connections are protected by encryption. It provides an easy way to set up a VPN (Virtual Private Network) that connects to private networks across insecure public networks such as the Internet. You can also reach local servers behind NAT and firewalls through a secure tunnel, as implemented in ngrok.
By default, SSH sessions allow tunneling of network communication. There are three types of SSH port forwarding: local, remote, and dynamic.
The examples in this article use the following values:
Local Host: 192.168.43.31
Remote host: server1.example.com
You can securely connect to a remote server using SSH as in the example below. I have configured the ssh login without password between remote and local hosts, so I am not asked for a password.
$ ssh [email protected]
What is SSH port forwarding
SSH tunneling, or SSH port forwarding, routes internal network traffic to remote hosts through SSH tunnels. This means that all of that traffic is protected by encryption. It provides a simple way to create a VPN tunnel, which is a practical way to connect to private networks over the Internet.
It can also be used to reach servers located behind NAT or firewalls over the Internet.
SSH sessions allow tunneling of all network communications by default. There are currently three methods for SSH port forwarding: Local, Remote, and Dynamic.
Normally we can securely connect to our server using SSH.
Local SSH Port Forwarding
This type of port forwarding allows you to connect to a remote server from your local computer.
Suppose you are behind a restrictive firewall, or an outbound firewall blocks you from accessing an application running on port 3000 on your remote server. You can forward a local port (for example 8080) and use it to access the application locally.
Note: The -L option is for defining the forwarded port to the remote host and remote port.
$ ssh [email protected] -L 8080:server1.example.com:3000
Adding the -N option means not executing a remote command, in which case you will not receive a shell.
$ ssh -N [email protected] -L 8080:server1.example.com:3000
The -f option runs the ssh command in the background.
Now open a browser on your local machine. Instead of accessing the remote app at server1.example.com:3000, you can use localhost:8080 or 192.168.43.31:8080.
Remote SSH Port Forwarding
Remote SSH Port Forwarding allows you to connect to your local computer from your remote machine.
Note: By default, ssh does not allow remote port forwarding. You can enable it using the GatewayPorts directive in the main sshd configuration file, /etc/ssh/sshd_config, on your remote host.
Open the file and edit it using your favorite text editor.
$ sudo vim /etc/ssh/sshd_config
Look for the GatewayPorts directive, uncomment it, and set its value to yes.
Save the changes and exit. Then, to apply the changes, restart the sshd service.
$ sudo systemctl restart sshd
$ sudo service sshd restart
Then run the following command to forward port 5000 on the remote machine to port 3000 on the local machine.
$ ssh -f -N [email protected] -R 5000:localhost:3000
Once you understand this method of tunneling, you can easily and securely publish a local development server, especially if it is behind NAT and a firewall.
Tunnels like Ngrok, pagekite, localtunnel and countless others all work the same way.
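The GatewayPorts edit above changes what the server exposes: with the value yes, ports forwarded with -R bind to the wildcard address instead of loopback only. The audit function below is an added example, not part of the original article; it reads sshd_config text (global section only) or sshd -T output on stdin, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: report the sshd settings that govern port forwarding.
# Input on stdin: sshd_config text or the output of `sshd -T`.
# Exit status: 0 if nothing needs review, 1 otherwise.
audit_forwarding() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        tolower($1) == "match" { exit }      # global section only; END still runs
        { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }  # first value wins
        function report(key, dflt, safe, why,    val) {
            val = (key in v) ? v[key] : dflt  # absent keyword: OpenSSH default
            if (val == safe) { print key "=" val " ok" }
            else { print key "=" val " REVIEW " why; bad = 1 }
        }
        END {
            report("gatewayports", "no", "no", "remote forwards bind beyond loopback")
            report("allowtcpforwarding", "yes", "no", "-L/-R/-D tunnels permitted")
            report("permittunnel", "no", "no", "tun device forwarding permitted")
            exit bad + 0
        }'
}

# Constructed sample: a server after the GatewayPorts edit described above.
SAMPLE_CONFIG='# constructed sample
Port 22
#AllowTcpForwarding yes
GatewayPorts yes
PermitTunnel no
Match User deploy
    AllowTcpForwarding no'

printf '%s\n' "$SAMPLE_CONFIG" | audit_forwarding || true
```

On a live host, sudo sshd -T | audit_forwarding checks the effective configuration. A REVIEW line is a prompt to confirm the setting is intended for that host, for example on a bastion that must forward.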
Dynamic SSH Port Forwarding
This is the third method of port forwarding. Unlike local and remote port forwarding, which allow communication with a single port, this method allows a full range of TCP communication across a range of ports.
Dynamic port forwarding sets up your machine as a SOCKS proxy server that listens on port 1080 by default.
For starters, SOCKS is an Internet protocol that defines how a client connects to a server through a proxy server (here SSH). You can enable Dynamic Port Forwarding with the -D option.
The following command starts a SOCKS proxy on port 1080 that allows you to connect to a remote host.
$ ssh -f -N -D 1080 [email protected]
From now on, you can make applications on your machine use this SSH proxy server. All you have to do is configure them to use it.
Note that the SOCKS proxy stops working once the SSH session is closed.
In this post we have explained the different types of port forwarding from one machine to another, used to tunnel traffic through a secure SSH connection. This is one of the many uses of SSH.
SSH port forwarding also has significant drawbacks and can have adverse effects. It can be used to bypass network monitoring and traffic filtering (or firewall) applications, and hackers can use it for malicious activities.
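Because tunnels can sidestep monitoring and filtering, it helps to be able to spot them on a host. The following added example (not from the original article) classifies listening sockets in ss -tlnp output as client-side forwards (-L/-D) or server-side remote forwards (-R); the sample output is constructed, and the SSH daemon port is assumed to be 22 unless passed as the first argument.

```shell
#!/bin/sh
# Added example: find listening sockets that belong to SSH tunnels.
# Input on stdin: output of `ss -tlnp` (run as root to see all processes).
# Output: "<kind> <address:port> <loopback|network>" per tunnel listener.
find_ssh_tunnels() {
    awk -v sshd_port="${1:-22}" '
        $1 != "LISTEN" { next }              # skips the header line too
        {
            n = split($4, a, ":"); port = a[n]   # port follows the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            scope = (addr ~ /^(127\.|\[::1\])/) ? "loopback" : "network"
            # A listener owned by the ssh client is a -L or -D forward.
            if ($NF ~ /\(\("ssh",/) { kind = "client-forward(-L/-D)" }
            # A listener owned by sshd (or sshd-session) on any port other
            # than the daemon port is a -R forward.
            else if ($NF ~ /\(\("sshd/ && port != sshd_port) { kind = "remote-forward(-R)" }
            else { next }
            print kind, addr ":" port, scope
        }'
}

# Constructed sample: the forwards from this article plus unrelated listeners.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*         users:(("ssh",pid=4121,fd=5))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:5000       0.0.0.0:*         users:(("sshd",pid=5230,fd=9))
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*         users:(("ssh",pid=4188,fd=4))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=900,fd=6))'

printf '%s\n' "$SAMPLE_SS" | find_ssh_tunnels
```

A remote forward reported with scope network is one that GatewayPorts has exposed beyond the server itself, which is the case most worth checking against firewall policy.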