# SSH Tunneling

## Local Forwarding

### Examples

NOTE: these use autossh to prevent the tunnel from dying

Plex

```shell
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
```

ESXi

```shell
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 chawley@aristotle.planethawleywood.com
```

Both ESXi and AWX

```shell
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 -L 8091:192.168.0.25:80 chawley@aristotle.planethawleywood.com
```

Both Plex and Derry OD

```shell
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 -L 8070:192.168.0.209:80 chawley@aristotle.planethawleywood.com
```

---

| Protocol | From                  | To          | via              | Notes                                                                |
| -------- | --------------------- | ----------- | ---------------- | -------------------------------------------------------------------- |
| SSH      | my office workstation | RRD Jumpbox | chawley2@ladmin2 | I have the jumpbox host configured in `.ssh/config` on both machines |

```shell
ssh -N -L 8090:54.184.92.50:22 chawley2@ladmin2
```

| Protocol | From                  | To           | via               | Notes |
| -------- | --------------------- | ------------ | ----------------- | ----- |
| SSH      | my office workstation | Plex (derry) | chawley@aristotle |       |

```shell
ssh -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
```

## Remote Forwarding

NOTE: By default, OpenSSH only allows connecting to remote forwarded ports from the server host. However, the `GatewayPorts` option in the server configuration file `sshd_config` can be used to control this. The following alternatives are possible:

```shell
GatewayPorts no
```

This prevents connecting to forwarded ports from outside the server computer.

```shell
GatewayPorts yes
```

This allows anyone to connect to the forwarded ports. If the server is on the public Internet, anyone on the Internet can connect to the port.

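How the `GatewayPorts` setting decides where a remote forward listens, as an added example that is not part of the original notes. It also covers the third value OpenSSH accepts, `clientspecified`. Assumptions: the function names and the sample config are made up for illustration, only the global section of the config is read (parsing stops at the first `Match`), and specs use IPv4 addresses or hostnames.

```shell
#!/bin/sh
# Added example (not from the original notes); function names are hypothetical.

# Print the global GatewayPorts value from sshd_config text on stdin.
# sshd keeps the first value it sees for a keyword; the default is "no".
# Assumption: only the global section matters, so stop at the first Match.
effective_gatewayports() {
    awk '
        $1 ~ /^#/                      { next }
        tolower($1) == "match"         { exit }
        tolower($1) == "gatewayports"  { print $2; found = 1; exit }
        END { if (!found) print "no" }
    '
}

# remote_bind_addr MODE SPEC
# Print the address sshd listens on for "ssh -R SPEC" under GatewayPorts MODE.
# SPEC is [bind_address:]port:host:hostport (IPv4 or hostnames only).
remote_bind_addr() {
    gp_mode=$1
    spec=$2
    nfields=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    case $gp_mode in
        yes)
            echo 0.0.0.0 ;;              # server forces the wildcard address
        clientspecified)
            if [ "$nfields" -lt 4 ]; then
                echo 127.0.0.1           # client gave no bind_address
            else
                requested=${spec%%:*}
                case $requested in
                    ''|'*') echo 0.0.0.0 ;;
                    *)      echo "$requested" ;;
                esac
            fi ;;
        *)
            echo 127.0.0.1 ;;            # "no": loopback only, request ignored
    esac
}

# Constructed sample config, checked against the -R spec used in these notes.
sample='# constructed sample
Port 22
GatewayPorts yes'
gp=$(printf '%s\n' "$sample" | effective_gatewayports)
echo "GatewayPorts $gp: -R 8888:localhost:80 listens on" \
     "$(remote_bind_addr "$gp" 8888:localhost:80)"
```

On a live server, feeding the output of `sshd -T` into `effective_gatewayports` checks the value sshd actually resolved rather than the file contents.
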
### Example

| Protocol | From  | To       | Notes |
| -------- | ----- | -------- | ----- |
| web      | derry | overlook | This allows you to access Apache web pages on derry by visiting http://overlook.planethawleywood.com:8888 as long as `GatewayPorts yes` is present in `/etc/ssh/sshd_config` (as explained above) and port 8888 is open on Overlook |

```shell
ssh -R 8888:localhost:80 root@overlook
```

## Reference

* [How To Use SSH Tunneling](https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/)
* [SSH Port Forwarding Example](https://www.ssh.com/ssh/tunneling/example)