
ssh – Local Port Forwarding

Problem:
1. I have a devpi server on 192.168.23.79 (devpi-server) on port 3141 on a Vagrant box.
2. I have code on 192.168.23.80 (mybox) that will install software cached by 192.168.23.79.
3. I have dh-virtualenv, which is used when building Debian packages and explicitly points to 192.168.23.79:3141.

The issue is that because of 3, when someone else checks out my code, they need to remember to manually change the IP address. This is not acceptable. I can do better.

Solution:
Port forward 192.168.23.79:3141 to localhost:3141 and use that in the configuration file. That way when someone checks out my code they just need to ensure that they have devpi-server listening on their localhost. Everyone is happy.

Steps:
1. On a terminal on my dev box (aka mybox), I run netstat to check what, if anything, is listening on port 3141.

NETSTAT(8) Linux Programmer’s Manual NETSTAT(8)

NAME
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

SYNOPSIS
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N]
[--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c]

mybox:~ $ netstat --tcp --listening --numeric --program --udp | grep 3141
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)

As per the above output, nothing is listening on 3141. From the ssh man page, I am interested in the -L option.

SSH(1) BSD General Commands Manual SSH(1)

NAME
ssh — OpenSSH SSH client (remote login program)

SYNOPSIS
ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q cipher | cipher-auth | mac | kex | key]
[-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]

DESCRIPTION
ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted
communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel.

-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on
the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is
made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in
square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit
bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty
address or ‘*’ indicates that the port should be available from all interfaces.

2. I then connect to the devpi-server from the dev box using ssh.

mybox:~ $ ssh -L localhost:3141:192.168.23.79:3141 vagrant@192.168.23.79

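OR (without an explicit bind_address, in which case the local port is bound in accordance with the GatewayPorts setting, as the man page excerpt above notes):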

mybox:~ $ ssh -L 3141:192.168.23.79:3141 vagrant@192.168.23.79

3. I open up another terminal on the dev box and run netstat:

mybox:~ $ netstat -tlnup | grep 3141
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:3141          0.0.0.0:*               LISTEN      2047/ssh
tcp6       0      0 ::1:3141                :::*                    LISTEN      2047/ssh

This means that ssh is listening on 127.0.0.1:3141 (and ::1:3141) on mybox, and connections made to that local port are forwarded over the ssh connection to 192.168.23.79:3141 on the devpi-server.
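
Whether the forwarded port is reachable only from mybox or from other hosts as well depends on the bind address, as the -L description quoted above explains. The following is an added example, not part of the original post: a shell function that reads netstat -tln style output and reports whether the listeners on a port are loopback-only. The function name check_forward_binding and the sample lines marked as constructed are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify who can reach a forwarded port, based on netstat output.
# Usage on a live box:  netstat -tln | check_forward_binding 3141
# Prints one of:
#   none      - nothing is listening on the port
#   loopback  - every listener is bound to 127.x.x.x or ::1 (local use only)
#   exposed   - at least one listener is bound to a non-loopback address
check_forward_binding() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            p = addr
            sub(/^.*:/, "", p)            # port is the text after the last colon
            if (p != port) next
            sub(/:[0-9]+$/, "", addr)     # address is the text before the last colon
            found = 1
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Listener lines as shown in step 3 of the post (bind address localhost).
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:3141          0.0.0.0:*               LISTEN      2047/ssh
tcp6       0      0 ::1:3141                :::*                    LISTEN      2047/ssh'

# Constructed sample: what the listeners look like when the forward is bound
# to all interfaces (an empty or "*" bind_address, per the man page text).
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:3141            0.0.0.0:*               LISTEN      2047/ssh
tcp6       0      0 :::3141                 :::*                    LISTEN      2047/ssh'

printf '%s\n' "$SAMPLE_LOOPBACK" | check_forward_binding 3141
printf '%s\n' "$SAMPLE_EXPOSED"  | check_forward_binding 3141
```

A result of "exposed" means other hosts on the network can connect to the devpi forward through mybox, which the localhost form of the -L option avoids.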

Source:

http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
