On Mon, Jul 18, 2011 at 2:05 PM, Daniel. <danielhilst@gmail.com> wrote:
I have some doubts about traffic forwarding
Supposing that my IP is 192.168.1.100 and the remote is 192.168.1.200
is this -> ssh -R 1000:192.168.1.200:22
the same as this:
ssh 192.168.1.200
ssh -L 1000:192.168.1.100:22
???
-- "Do or do not. There is no try" Yoda Master
You may want to read the wiki article for ssh. https://wiki.archlinux.org/index.php/SSH
It is very detailed.
-- "Breath Deeply and Dream"
On 07/18/2011 10:03 PM, David J. Haines wrote:
And yet, it doesn't touch on forwarding of anything other than X11 data.
To answer the original question, you're missing the host you're trying to connect to, but I'll fill in the blanks
ssh -L X:host1:Y host2 means open a connection to host2, including shell, and forward anything sent to localhost on port X to host1 on port Y. Host1 and host2 can be the same machine. This comes in useful for things like forwarding VNC securely, e.g. ssh -L 60000:remotevncserver:5901 remotevncserver and then connecting to the vncserver at localhost:60000
ssh -R X:host1:Y host2 means open a connection to host2, including shell, and then host2 should listen on port X for connections, which it will then send back to your local host, which will forward the connection on to host1 on port Y.
In your example you're missing the host you're connecting to, but I can tell you that:
ssh 192.168.1.200 ssh -L 1000:192.168.1.100:2000 192.168.1.100
when you start from 192.168.1.100 is functionally equivalent to
ssh -R 1000:192.168.1.100:2000 192.168.1.200
when you start from 192.168.1.100, in that both solutions will forward a connection from 192.168.1.200:1000 to 192.168.1.100:2000 (I didn't use the port 22 from your example, as that would imply that ssh wasn't running there, so you'd need to use -p and other messiness).
Hope this helps,
David J. Haines dhaines@gmail.com
Please put that in the SSH article! Also, please bottom post from now on.
-- Sven-Hendrik
On Mon, Jul 18, 2011 at 8:57 PM, Daniel Hilst Selli <danielhilst@gmail.com> wrote:
Thanks all for helping .. I got it.. I was using putty and that messed up the syntax in my head..
Thanks David, your explanation was really clarifying
-- "Do or do not... there is no try" Yoda Master
My pleasure, and there's now a section on generic forwarding on the wiki, right beneath the X11 forwarding section. I also included a bit about acting as a forwarding gateway.
David J. Haines dhaines@gmail.com
On Tue, Jul 19, 2011 at 8:01 AM, Sven-Hendrik Haase <sh@lutzhaase.com> wrote:
Your contribution to Arch World Domination Enterprises has been received and a company associate has been dispatched to your location with champagne and a party hat.
If it's to be as timely as is the current install ISO, I won't hold my breath. ;)
David J. Haines dhaines@gmail.com
On Tue, Jul 19, 2011 at 9:43 AM, Nicolás Reynolds <fauno@kiwwwi.com.ar> wrote:
You can also create a socks proxy using the -D flag and a port number ;)
-- Cheers! Nicolás Reynolds, xmpp:fauno@kiwwwi.com.ar omb:http://identi.ca/fauno
OTR: C0CB1F0F 01DB5E18 2D634C2A A4626858 E7C7C3A2
http://parabolagnulinux.org http://endefensadelsl.org
"Freedom [...] is messy" ~ Eben Moglen
I was going to discuss that, but it's already in there directly above X11 forwarding.
David J. Haines dhaines@gmail.com
On Mon, Jul 18, 2011 at 3:03 PM, David J. Haines <dhaines@gmail.com> wrote:
.... ssh -L X:host1:Y host2 means open a connection to host2, including shell, and forward anything sent to localhost on port X to host1 on port Y. Host1 and host2 can be the same machine.
... and to briefly expand, it's good to note the behavior when host1/host2 are not the same machine. for example, i use something like the following to access the webpanel of a backup server (only available on a remote private subnet):

ssh -CNAfc arcfour -L localhost:1180:10.20.0.75:80 anthonyr@bridge03

... this says:
- connect to bridge03
- setup a "relay" of sorts (no port is allocated)
- when i connect to port 1180 on my workstation ...
- ... bridge03 relays the connection to 10.20.0.75, port 80

... so in effect i am only rebounding off the machine i connected to, using it only as a way to get access to the private subnet.

also, note that the "host" and "hostport" is from the REMOTE's perspective ... not your own!! this is a great source of confusion at first. example ... i use the following whenever my fiancé has CUPS issues (a lot ...) to connect to her when i'm at work (this is also over a layer2 openvpn but that doesn't matter):

ssh -CNAfc arcfour -L localhost:1631:localhost:631 emily@10.10.210.10

... which says:
- connect to 10.10.210.10
- when i connect to port 1631 on my workstation ...
- ... 10.10.210.10 relays the connection to LOCALHOST port 631

... NOTE how both "bind_address" AND "host" are localhost ... because they are from the perspective of EACH endpoint, not just yours.

other examples i use regularly (near verbatim from history log -- names changed to protect the innocent :-):

# make MySQL available locally via port 3307 (nice for using a local query browser or schema explorer)
ssh -CNAfc arcfour -L localhost:3307:localhost:3306 anthonyr@shared001

# make connections to local port 2222 turn into regular SSH connections to a different host than you connected to (SSH relay)
ssh -CNAfc arcfour -L localhost:2222:10.20.23.30:22 anthonyr@fma001

# same purpose as the first example two up, but this host (zimm001) runs SSH on port 7777 vs. 22
ssh -p7777 -L localhost:3307:localhost:3306 anthonyr@zimm001

... so very useful :-) ...

and if you're wondering the common options i use for everything:

-C  compress the stream
-N  do not execute a command (port forward only)
-A  forward your agent socket (only needed if you need it available on the remote host -- use with care -- see manpage)
-f  put ssh into the background after receiving pass [if required] and just before it would execute a remote command
-c arcfour  use the arcfour cipher (weakest) instead of AES (strongest)
    this makes a HUGE HUGE difference in bandwidth/overhead (sshfs/FUSE, MySQL forwarding, etc)

... that should give you an even better understanding i hope :-)

C Anthony
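The rule David and C Anthony describe (-L or -R decides which end listens, and "host" is resolved on the machine at the other end of the tunnel) can be checked mechanically. The script below is an added example, not part of the original thread: the function name forward_path and the label "workstation" are made up for illustration, it handles only [bind_address:]port:host:hostport specs without IPv6 brackets, and it assumes the default GatewayPorts=no.

```shell
#!/bin/sh
# Added illustration (not from the thread): resolve an OpenSSH -L / -R spec
# into "who listens" and "who dials the target".
# usage: forward_path MODE SPEC CLIENT SERVER
#   MODE    L or R
#   SPEC    [bind_address:]port:host:hostport (no [IPv6] literals)
#   CLIENT  machine the ssh command runs on
#   SERVER  machine that ssh command connects to
forward_path() {
    mode=$1; spec=$2; client=$3; server=$4

    # Count colons with patterns to avoid word splitting and globbing.
    case $spec in
        *:*:*:*:*) echo "unsupported spec: $spec" >&2; return 1 ;;
        *:*:*:*)   bind=${spec%%:*}; rest=${spec#*:} ;;
        *:*:*)     bind=localhost;   rest=$spec ;;   # default GatewayPorts=no
        *)         echo "unsupported spec: $spec" >&2; return 1 ;;
    esac
    port=${rest%%:*};  rest=${rest#*:}
    host=${rest%%:*};  hostport=${rest#*:}

    # An empty bind address or "*" means every interface of the listener.
    case $bind in ''|'*') bind=all-interfaces ;; esac

    # -L listens on the client and dials from the server; -R is the mirror.
    # For -R, sshd honours a non-loopback bind only if its GatewayPorts allows it.
    case $mode in
        L) listener=$client; dialer=$server ;;
        R) listener=$server; dialer=$client ;;
        *) echo "mode must be L or R" >&2; return 1 ;;
    esac

    # "localhost" as the target names the dialing machine, not the listener.
    case $host in localhost|127.0.0.1) host=$dialer ;; esac

    echo "listen=${listener}[${bind}]:${port} target=${host}:${hostport} dialed_from=${dialer}"
}

# David's two forms, both started from 192.168.1.100.
# Nested form: the inner "ssh -L" runs on .200 and connects back to .100.
forward_path L 1000:192.168.1.100:2000 192.168.1.200 192.168.1.100
forward_path R 1000:192.168.1.100:2000 192.168.1.100 192.168.1.200

# C Anthony's examples; "workstation" is a placeholder for his own machine.
forward_path L localhost:1180:10.20.0.75:80 workstation bridge03
forward_path L localhost:1631:localhost:631 workstation 10.10.210.10
```

The first two calls print the same line, which is the equivalence David states; the loopback bind in every line is also what keeps these listeners unreachable from other hosts on the network.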
participants (7)
- C Anthony Risinger
- Daniel Hilst Selli
- Daniel.
- David J. Haines
- Jeffrey Lynn Parke Jr.
- Nicolás Reynolds
- Sven-Hendrik Haase