SSH tunneling is a big topic and I don't think I have (probably nor can I) cover all the aspects in one single article. I still have some topics I am interested in but haven't talked about yet. They are listed here.
(I made some notes as follow but need to verify them when I have time and merge them into the main article.)
Suppose we have two hosts:
- Host A:
- IP: 192.168.16.242
- Host B:
- IP: 192.168.16.243
- Username:
vagrant - SSH server: at port 22
- Has an Apache2 server running at the port 80.
When we do the local forwarding as follows in order to access the Apache2 service from Host A:
ssh -L 9001:localhost:80 -p 22 -l vagrant 192.168.16.243:- By default,
localhostis bound to the local port (9001in this case) so the command above is equivalent tossh -L localhost:9001:localhost:80 .... curl http://192.168.16.242:9001fails.curl http://localhost:9001succeeds.
- By default,
ssh -L 192.168.16.242:9001:localhost:80 -p 22 -l vagrant 192.168.16.243:curl http://192.168.16.242:9001succeeds.curl http://localhost:9001fails.
ssh -L *:9001:localhost:80 -p 22 -l vagrant 192.168.16.243:- This binds all the network interfaces with the port
9001. curl http://192.168.16.242:9001succeeds.curl http://localhost:9001succeeds.
- This binds all the network interfaces with the port
ssh -g -L 9001:localhost:80 -p 22 -l vagrant 192.168.16.243:- Equivalent to
ssh -L *:9001:localhost:80 .... curl http://192.168.16.242:9001succeeds.curl http://localhost:9001succeeds.
- Equivalent to
ssh -g -L localhost:9001:localhost:80 -p 22 -l vagrant 192.168.16.243:- Although
-gis used,localhost:9001overrides-gso onlylocalhostis bound to the port9001. The effect of-gis thus cancelled. curl http://192.168.16.242:9001fails.curl http://localhost:9001succeeds.
- Although
See ssh(1).
By reading the articles written by others, I can learn how to explain the topic better: