# SSH port forwarding



## Abstract (Mar 15, 2010)

Hi Everyone,

Port forwarding in a ssh tunnel should be rather easy to setup. I'm using windows and I 
know how to setup putty to use port forwarding for thing like smtp or pop. 

However every time I use port forwarding my connection is refused. 

In the ssh server configuration I already put AllowTcpForwarding to yes without a 
wanted result. 

Did I miss some ssh server setting to allow port forwarding through a ssh tunnel?

Best Wishes,
Arian


----------



## DutchDaemon (Mar 15, 2010)

Have you commented out (or set to "yes") 
	
	



```
PermitTunnel no
```
?


----------



## Abstract (Mar 15, 2010)

Your right, that was the issue and it worked!

Dank u wel landgenoot


----------



## chum_arun (Aug 2, 2010)

Hi All,

I need to know some information on what is port forwarding and how it works.
I am using "Plink" tool for port forwarding.

[cmd=]plink -ssh -L localport:remotehost:remoteport gateway_server[/cmd]

Can some one explain what this command will do. I have some basic understanding of port forwarding.
I need to know what this "gateway_server" will do in port forwarding. Is it a ordinary unix machine or have to configure something on it.

Could some one help clearing the port forwarding concept.

Thanks in advance.


----------



## SirDice (Aug 2, 2010)

chum_arun said:
			
		

> ```
> plink -ssh -L localport:remotehost:remoteport gateway_server
> ```



This will tunnel localhost:localport to remotehost:remoteport via gateway_server.


----------



## chum_arun (Aug 2, 2010)

Hi SirDice thanks for your reply.. But still I have a doubt.



> This will tunnel localhost:localport to remotehost:remoteport via gateway_server.



This gateway server can be any unix machine or a machine in which i have to configure something for the port forwarding to happen.

Could you please explain this..


----------



## SirDice (Aug 2, 2010)

chum_arun said:
			
		

> This gateway server can be any unix machine or a machine in which i have to configure something for the port forwarding to happen.


It will have to run SSH with port forwarding enabled.


----------



## chum_arun (Aug 3, 2010)

Thanks.. How to find out that port forwarding is enabled in a machine or not. 
Will there be any configuration file having this information?
So in order to make any machine allow port forwarding only editing that configuration file will be enough or I have to do some other changes?

Please give me some inputs on this.. I am realy confused on this...So this gateway server will receive inputs from the local port and forward to the remote port.. Am I correct??? If I am wrong please explain this concept..


----------



## SirDice (Aug 3, 2010)

chum_arun said:
			
		

> Thanks.. How to find out that port forwarding is enabled in a machine or not.
> Will there be any configuration file having this information?


/etc/ssh/sshd_config



> So in order to make any machine allow port forwarding only editing that configuration file will be enough or I have to do some other changes?


Port forwarding is turned on by default.



> Please give me some inputs on this.. I am realy confused on this...So this gateway server will receive inputs from the local port and forward to the remote port.. Am I correct??? If I am wrong please explain this concept..


No, the gateway server will receive the SSH connection. The client will then forward it's local port to the remote ip and port.

http://www.engadget.com/2006/03/21/how-to-ssh-tunnels-for-secure-network-access/


----------



## chum_arun (Aug 3, 2010)

Thanks SirDice..Still I Dont get the actula point.. Let me rephrase the question..

[cmd=]plink -ssh -L localport:remotehost:remoteport gateway_server[/cmd]

Executing this command will ask the credentials for the gateway_server.

Now I have the Shell access of the gateway_server.(Tunnel Created... Am I Correct????)

Now Sholud I give "ssh localhost localport" in the gateway_server's shell or in a new *Putty *or *plink*.

Can you please expain what is the difference between the two. 
And what will happen if I give "ssh localhost localport" in both cases....

Thanks,
Arun


----------



## DutchDaemon (Aug 3, 2010)

I will give you one example:

I have a server somewhere that runs a webserver (serving local statistics) on the loopback interface (to be precise: on *127.0.0.1:81*).

To see those statistics from home, I have made a PuTTY profile which looks like this (under the SSH / Tunnels sub-menu for that SSH profile):







This will enable me to point my *local webbrowser* to http://127.0.0.1:8181/. 

This connection is then forwarded over SSH to that server, and linked to *127.0.0.1:81* on that server. 

There's no need to use the same port on both ends. It's just as easy to forward http://127.0.0.1:12345 to 127.0.0.1:81 over SSH.

The same thing can be achieved using the -L flag to SSH on the commandline. The PuTTY sessions above is basically:

`ssh -L 127.0.0.1:8181:127.0.0.1:81 other_server`

Depending on permissions/routing at the other end, you can also forward such a connection to a machine on a network behind that server, e.g.

`ssh -L 127.0.0.1:8181:10.10.10.10:80 other_server`


----------

