What is the difference between local port forwarding (-L) and remote port forwarding (-R)

Hi!

I need to do an SSH tunnel to encrypt the data sent between an agent
and the server. I'm able to establish a tunnel but there's something
that I can't understand...

What is the difference between the bit -L and the bit -R. I've read
the man of SSH on Fedora. It seems to be simple but in practice, I
don't understand.

Can somebody help me on this subject?

Thanks a lot!

Yann
4/27/2004 7:10:21 AM
comp.security.ssh

> What is the difference between the bit -L and the bit -R.

-L forwards a port from the client to the server.
-R forwards a port from the server to the client.

-- 
To reply by email, replace "deadspam.com" by "alumni.utexas.net"
andrex (444)
4/27/2004 8:52:23 AM
In article <d73d6e32.0404262310.5dd662ed@posting.google.com>,
Yann Laviolette <yann_laviolette@gnome.org> wrote:
>What is the difference between the bit -L and the bit -R. I've read
>the man of SSH on Fedora. It's seems to be simple but in practice, I
>don't understand.

Example: "ssh -L 2000:1.2.3.4:2000 server" is a "local" forward and will
listen on the client (i.e. the machine you ssh'ed from) on port 2000.
If something connects to the client on port 2000, a "channel" will be
opened inside the SSH connection and the server will connect to 1.2.3.4 on
port 2000.  Any data sent or received will be forwarded over this channel.

In contrast, "ssh -R 2000:1.2.3.4:2000 server" is a "remote" forward,
which will cause the *server* to listen on port 2000, and any connection
arriving at that port will be forwarded over the SSH connection and the
client will connect to 1.2.3.4 on port 2000.

Same concept, different directions.

>Can somebody help me on this subject?

Also try http://www.openssh.com/faq.html#2.11

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
dtucker (551)
4/28/2004 2:41:49 AM
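
The two commands from the reply above, as an added illustration that is not part of the original thread: a small shell helper (function and variable names are hypothetical) that takes an OpenSSH `-L` or `-R` spec and reports which end listens, which end makes the outgoing connection, and that only the hop inside the SSH connection is encrypted. It assumes OpenSSH's documented defaults (loopback-only listener when no bind address is given) and does not handle bracketed IPv6 literals.

```shell
#!/bin/sh
# Added example, not from the thread: explain an OpenSSH forward spec
# ([bind_address:]port:host:hostport) for -L or -R. Reports which end
# listens, which end dials the destination, and whether the last hop
# (plain TCP, outside the SSH connection) leaves the dialing machine.

valid_port() {
    # Digits only, at most five of them, and within 1..65535.
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_loopback() {
    case $1 in localhost|127.*) return 0 ;; *) return 1 ;; esac
}

explain_forward() {
    fwd_flag=$1
    fwd_spec=$2
    case $fwd_flag in
        -L) fwd_listener=client; fwd_dialer=server ;;
        -R) fwd_listener=server; fwd_dialer=client ;;
        *)  echo "error: expected -L or -R, got '$fwd_flag'" >&2; return 2 ;;
    esac

    # Split on ':' with globbing off so a '*' bind address stays literal.
    set -f; fwd_old_ifs=$IFS; IFS=:
    set -- $fwd_spec
    IFS=$fwd_old_ifs; set +f

    case $# in
        3) fwd_bind=localhost; fwd_port=$1; fwd_host=$2; fwd_hostport=$3 ;;
        4) fwd_bind=$1;        fwd_port=$2; fwd_host=$3; fwd_hostport=$4 ;;
        *) echo "error: unsupported spec '$fwd_spec'" >&2; return 2 ;;
    esac
    # An explicitly empty bind address means "all interfaces", same as '*'.
    [ -n "$fwd_bind" ] || fwd_bind='*'

    if ! valid_port "$fwd_port" || ! valid_port "$fwd_hostport" \
        || [ -z "$fwd_host" ]; then
        echo "error: bad port or host in '$fwd_spec'" >&2; return 2
    fi

    # Who can reach the listener. For -R, sshd honours a non-loopback
    # bind address only when its GatewayPorts option permits it.
    if is_loopback "$fwd_bind"; then
        fwd_exposure=loopback-only
    else
        fwd_exposure=network-reachable
    fi

    # The dialing end opens an ordinary TCP connection to host:hostport.
    # It stays on that machine only when the destination is loopback.
    if is_loopback "$fwd_host"; then
        fwd_lastleg=loopback
    else
        fwd_lastleg=network
    fi

    printf 'listen: %s %s:%s (%s)\n' \
        "$fwd_listener" "$fwd_bind" "$fwd_port" "$fwd_exposure"
    printf 'tunnel: %s -> %s, inside the SSH connection (encrypted)\n' \
        "$fwd_listener" "$fwd_dialer"
    printf 'dial:   %s -> %s:%s, plain TCP over %s\n' \
        "$fwd_dialer" "$fwd_host" "$fwd_hostport" "$fwd_lastleg"
}

explain_forward -L 2000:1.2.3.4:2000      # the thread's local forward
explain_forward -R 2000:1.2.3.4:2000      # the thread's remote forward
explain_forward -R '*:2222:localhost:22'  # constructed: wildcard bind on the server
```

For both of the thread's commands the last hop is reported as `network`: the connection from the dialing end to 1.2.3.4 is ordinary TCP and is not covered by the SSH encryption.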