SSH Tunneling
Local Forwarding
Examples
NOTE: These examples use autossh, which keeps the tunnel from dying.
Plex
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
ESXi
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 chawley@aristotle.planethawleywood.com
Both ESXi and AWX
autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 -L 8091:192.168.0.25:80 chawley@aristotle.planethawleywood.com
Both Plex and Derry OD
autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 -L 8070:192.168.0.209:80 chawley@aristotle.planethawleywood.com
| Protocol | From | To | via | Notes |
|---|---|---|---|---|
| SSH | my office workstation | RRD Jumpbox | chawley2@ladmin2 | I have the jumpbox host configured in .ssh/config on both machines |
ssh -N -L 8090:54.184.92.50:22 chawley2@ladmin2
| Protocol | From | To | via | Notes |
|---|---|---|---|---|
| SSH | my office workstation | Plex (derry) | chawley@aristotle | |
ssh -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
Remote Forwarding
NOTE: By default, OpenSSH only allows connecting to remote forwarded ports from the server host. However, the GatewayPorts option in the server configuration file sshd_config can be used to control this.
The following alternatives are possible:
GatewayPorts no
This prevents connecting to forwarded ports from outside the server computer.
GatewayPorts yes
This allows anyone to connect to the forwarded ports. If the server is on the public Internet, anyone on the Internet can connect to the port.
Example
| Protocol | From | To | Notes |
|---|---|---|---|
| web | derry | overlook | This lets you access Apache web pages on derry by visiting http://overlook.planethawleywood.com:8888, as long as GatewayPorts yes is present in /etc/ssh/sshd_config (as explained above) and port 8888 is open on Overlook |
ssh -R 8888:localhost:80 root@overlook
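Before relying on a remote forward like the one above, it helps to check how the server will bind it. The script below is an added example, not part of the original notes: it reads an sshd_config file and reports whether remote-forwarded ports listen on loopback only or on all interfaces. The function names and the sample config are constructed for illustration, and it also recognises `clientspecified`, a third GatewayPorts value that OpenSSH accepts but that is not listed above.

```shell
# Added example: how will sshd bind -R forwards? (`sshd -T` shows the live config.)

# Print the global GatewayPorts value from the config file in $1.
# sshd keeps the first value it reads per keyword; the default is "no".
# Match blocks are conditional, so the global scan stops at the first one.
gatewayports_global() {
    awk '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line); gsub(/=/, " ", line)
          n = split(line, f, /[ \t]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == "gatewayports" && n >= 2 { val = tolower(f[2]); exit }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Translate that value into where a remote-forwarded port listens.
remote_forward_scope() {
    case "$(gatewayports_global "$1")" in
        no)              echo "loopback-only" ;;
        yes)             echo "all-interfaces" ;;
        clientspecified) echo "client-chosen" ;;
        *)               echo "unknown" ;;
    esac
}

# Succeed if any Match block also sets GatewayPorts (a conditional override).
has_match_override() {
    awk '
        /^[ \t]*#/ { next }
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^match([ \t]|$)/ { in_match = 1; next }
        in_match && line ~ /^gatewayports[ \t=]/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample config, not taken from any real host.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# GatewayPorts yes
Port 3141
gatewayports clientspecified
GatewayPorts yes
Match User chawley
    GatewayPorts yes
EOF
echo "global: $(gatewayports_global "$sample") ($(remote_forward_scope "$sample"))"
has_match_override "$sample" && echo "a Match block also sets GatewayPorts"
```

A result of `all-interfaces` means the forwarded port is reachable by anything that can reach the server on that port, so it should be paired with a firewall rule that limits who can connect.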