Port Forwarding – real server on this machine
All web traffic to my firewall should be redirected to the web server running on port 8000 on my machine instead:
- ssh -R 80:MyMachine:8000 firewall
The “-R” option is shorthand for: listen for connections on a Remote port (on the ssh server computer; port 80 in this example), and when one arrives, pull all its packets back to the local machine (MyMachine) and feed them into port 8000 on MyMachine.
The crucial difference here is that ssh listens on the remote machine for incoming TCP connections and carries them back to a server on the local machine. The server that will actually handle the requests needs to be running on the local machine.
Please note that port forwarding in ssh only works for TCP ports; that’s why we don’t need to specify a protocol on the command line. If you want to do port forwarding for UDP, you’ll need to look at Network Address Translation (NAT) facilities in the Linux kernel or use a UDP proxy. Remember that that approach loses the encryption that SSH gives for free for TCP.
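Whether the listener that “-R” opens on the firewall can be reached by outside web traffic depends on the SSH server's settings: OpenSSH's sshd binds remote forwards to loopback unless GatewayPorts says otherwise, and AllowTcpForwarding can refuse them altogether. The script below is an added example, not part of the original slides; it reads sshd_config text and reports which case applies. The function names and sample configs are constructed, and Match blocks, Include files and the `key=value` spelling are not handled.

```shell
#!/bin/sh
# Added example: classify how an sshd_config treats listeners created by "ssh -R".
# Assumptions: only the global section is read (parsing stops at the first
# Match line); Include files and "Keyword=value" spelling are not handled.

# first_value KEYWORD DEFAULT: read config on stdin, print the first value
# set for KEYWORD (sshd keeps the first value it sees), else DEFAULT.
first_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blanks
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# remote_forward_exposure CONFIG_TEXT: print one of
#   denied | loopback-only | client-chosen | all-interfaces
remote_forward_exposure() {
    fwd=$(printf '%s\n' "$1" | first_value AllowTcpForwarding yes)
    gw=$(printf '%s\n' "$1" | first_value GatewayPorts no)
    case "$fwd" in
        no|local) echo denied; return ;;          # -R requests are refused
    esac
    case "$gw" in
        yes)             echo all-interfaces ;;   # listener binds the wildcard address
        clientspecified) echo client-chosen ;;    # client names the bind address
        *)               echo loopback-only ;;    # default: only the server itself can connect
    esac
}

# Constructed sample configurations (not taken from any real host).
CONF_DEFAULT='# stock settings, nothing about forwarding
PermitRootLogin no'
CONF_OPEN='gatewayports yes
GatewayPorts no'
CONF_LOCKED='AllowTcpForwarding local
GatewayPorts yes'

for c in "$CONF_DEFAULT" "$CONF_OPEN" "$CONF_LOCKED"; do
    remote_forward_exposure "$c"
done
```

On a real server, pass the contents of its sshd_config as the argument, for example `remote_forward_exposure "$(cat /etc/ssh/sshd_config)"`.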