
| Subject: | Re: X-like Port Forwarding |
|---|---|
| Date: | Tue, 14 Aug 2007 10:02:36 -0500 |

I had the difficult task of trying to port forward some traffic that was blocked in the firewall. Using PuTTY on my local host I am able to tunnel (5900, 1044, and 1045) traffic to the remote host.

My situation:

    MyPc on Intranet -> /FW/ -> Hop box -> /FW/ -> Desired/Network -> /FW/ => INTERNET

Here is an outline of what needs to be done.

In PuTTY go to the Tunnels section:

    SOURCE PORT: 5900
    DESTINATION: 15900

In the upper box you should not have a line that looks like

    L5900 localhost:15900

Do the same for EACH port that you have to forward.

Now go to the SSH section. In the line that states Remote Command put something like the following:

    ssh -NL 15900:Final_destination:5900 -L 1180:final_destination:80 -L 10443:final_destination:443 <any others> host_that_can_talk_to_final_destination

It is IMPORTANT that the ports in the ssh -NL line match what was used in the Tunnels section. As well, you might want to have SSH keys set up so that you do not have to log into the systems. I also have on the configuration page a HOP/JUMP server that can talk to host_that_can_talk_to_final_destination.

Now point your traffic to localhost after you have started the SSH session and you are good to go.

You cannot have ports duplicated because the port is in use, and if you are not root the listen port needs to be greater than 1024 unless your OS lets you open the privileged ports.

I hope this helps. Now do not use this to bypass a corporate firewall to get to porno sites, or other sites that would violate your company policies.

If more concise details are needed just ask; I will provide what I can.

--
Leif Ericksen

On Thu, 2007-08-09 at 19:31 -0700, Robert Hajime Lanning wrote:

For X, ssh should set up the whole thing itself. It actually makes a virtual X server on the server side and proxies things across, taking care of authentication issues. Your $DISPLAY would be something like "localhost:10". Use the "-X" option.

For other port forwarding, your syntax is correct. You just need to have whatever program connect to localhost, not your client machine.

On 8/8/07, Charles Ritter <charles.ritter@gmail.com> wrote:

Hello,

Does SSH support forwarding miscellaneous ports between two firewalled hosts? My scenario is this:

         12345-|                  |-12345
    MyPC       |---------------22-| Server
          6000-|                  |-6000

Forwarding 12345 on server to MyPC:

    ssh -R 12345:mypc:12345 server

This seems to work as long as mypc can be resolved by the server. However, it does not work when mypc is NAT'd and unresolvable. Shouldn't it work though? Considering I initiated the connection, shouldn't the remote server be able/willing to send the data?

X11 forwarding works in this case, and with a much simpler syntax:

    ssh -Y server

Shouldn't something like this work in this case:

    ssh -R 12345:localhost:12345 server
    ssh -R 12345::12345 server
    ssh -R 12345 server

Am I missing something?

Thanks
Chuck
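
As an added example (not part of the thread and not any poster's code), the script below generates the hop-box "Remote command" and the matching PuTTY tunnel entries from one list of port pairs, and enforces the rules stated in the top message: matching ports, no duplicate listen ports, no privileged listen ports. The function names, the explicit 127.0.0.1 bind and the "local port = service port" convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread; host names are placeholders.
# Each argument is LISTEN:TARGET: LISTEN is the port opened on the hop box,
# TARGET is the service port on the final destination.

is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reject malformed pairs, privileged listen ports and duplicate listen ports.
check_pairs() {
    seen=" "
    for pair in "$@"; do
        listen=${pair%%:*}; target=${pair#*:}
        if [ "$listen" = "$pair" ] || ! is_port "$listen" || ! is_port "$target"; then
            echo "bad pair: $pair" >&2; return 1
        fi
        # Ports below 1024 need root to bind; assume an unprivileged account.
        if [ "$listen" -lt 1024 ]; then
            echo "privileged listen port: $listen" >&2; return 1
        fi
        case "$seen" in *" $listen "*)
            echo "duplicate listen port: $listen" >&2; return 1 ;;
        esac
        seen="$seen$listen "
    done
}

# Print the command for PuTTY's "Remote command" field (runs on the hop box).
# Listeners are pinned to 127.0.0.1 so other hosts cannot use the forward.
hop_command() {
    [ $# -ge 3 ] || { echo "usage: hop_command NEXT FINAL LISTEN:TARGET..." >&2; return 2; }
    next_host=$1; final_host=$2; shift 2
    check_pairs "$@" || return 1
    cmd="ssh -N"
    for pair in "$@"; do
        cmd="$cmd -L 127.0.0.1:${pair%%:*}:$final_host:${pair#*:}"
    done
    printf '%s %s\n' "$cmd" "$next_host"
}

# Print matching entries for PuTTY's Tunnels list in the form the message
# shows (L5900 localhost:15900); assumes local port = service port.
putty_tunnels() {
    check_pairs "$@" || return 1
    for pair in "$@"; do
        printf 'L%s localhost:%s\n' "${pair#*:}" "${pair%%:*}"
    done
}
```

For instance, `hop_command host_that_can_talk_to_final_destination final_destination 15900:5900 1180:80 10443:443` prints the three-forward command, while a repeated or sub-1024 listen port is refused with a reason on stderr.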