SSH Tunnel (Port Forwarding) to access
This short post will demonstrate opening an SSH tunnel to get to a port on a remote server that a firewall prevents you from reaching directly. There are a number of different types of port forwarding. This post only considers the scenario of a client PC connecting to a server.
There are times where you have SSH access to a server, but you don't have direct access to a number of other ports on the server, as they are locked down by a local firewall and only available from the local machine or from specified servers and load balancers.
The Solution (SSH Tunnel)
An SSH tunnel, or port forwarding, allows you to associate a local port on your PC with a remote port on a server. All the traffic is tunnelled through the SSH connection on port 22, so you don't have to worry about not having direct access to ports through the local firewall on the server. It may sound a little like a security hole, but remember it can only be done by someone with direct SSH access to the server, so it's pretty simple to police.
Let's assume we have a web service listening on port 9000 on the server, but port 9000 is not opened on the server's local firewall, so it's not accessible to my PC. I could issue the following command to associate port 9000 on my PC with port 9000 on the remote server. This would require SSH authentication in the normal way.
ssh -L 9000:127.0.0.1:9000 my_user@my-remote-server
I could then access the service on the remote server using the following URL on my PC.
If the SSH connection were using a key-pair, we might do the following instead. It's the same as before, but using the "-i" flag to pass the key.
ssh -i obsite.pem -L 9000:127.0.0.1:9000 my_user@my-remote-server
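The same tunnel wrapped in a small script, as an added example that is not part of the original post: it opens the forward without a remote shell, binds the local end to the loopback interface explicitly, fails if the forward cannot be set up, and closes it again through a control socket. The function names, the REMOTE and CTL variables and the socket path are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). REMOTE and CTL are
# assumed defaults; override them in the environment as needed.
REMOTE="${REMOTE:-my_user@my-remote-server}"
CTL="${CTL:-$HOME/.ssh/tunnel-9000.sock}"   # control socket used to manage the tunnel

# Succeeds only for a plain decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints a -L spec whose local end listens on 127.0.0.1 only, so other
# machines on the PC's network cannot connect to the forwarded port.
forward_spec() {
    valid_port "$1" && valid_port "$2" || return 1
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$1" "$2"
}

# tunnel_up LOCAL_PORT REMOTE_PORT
#   -N  run no remote command (forwarding only)
#   -f  go to the background once authenticated
#   -M -S  create a control socket so the tunnel can be checked and closed
#   ExitOnForwardFailure=yes  exit instead of running without the forward
tunnel_up() {
    spec=$(forward_spec "$1" "$2") || { echo "invalid port" >&2; return 1; }
    ssh -f -N -M -S "$CTL" \
        -o ExitOnForwardFailure=yes \
        -L "$spec" "$REMOTE"
}

# Ask the background ssh process whether the tunnel is still running.
tunnel_status() { ssh -S "$CTL" -O check "$REMOTE"; }

# Close the tunnel cleanly rather than leaving a stray ssh process.
tunnel_down() { ssh -S "$CTL" -O exit "$REMOTE"; }
```

After `tunnel_up 9000 9000` the service answers on port 9000 of the PC's loopback interface until `tunnel_down` is run. On the server side, the `AllowTcpForwarding` and `PermitOpen` directives in sshd_config control which forwards an account may request.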
For more information see:
Hope this helps. Regards Tim...