oh I hate when people don't give complete examples!<br><br>I would use either of the following:<br><br> ssh home <-- same as ssh -p 5022 my.ip.at.home<br> ssh home-forward <-- sets up all the port forwarding<br>
<br>and of course you can always override via the command line:<br><br> ssh -L 9000:10.5.1.20:80 home <-- forward localhost:9000 to my nasbox web server<br><br>so from my web browser at work I could use the following to connect to my nasbox at home:<br>
<br> <a href="http://localhost:9000/">http://localhost:9000/</a><br><br>You can also daisy-chain these port forwards using multiple hops. I've had to do as many as 3 hops. I used to provide after-hours support during observation runs at a remote location, but you could only connect via HQ machines, which would only accept connections from their local or specific external sites like my desktop at work. But to get to that I had to go through a gateway, as our machines were behind a firewall, so I had to do something like this:<br>
<br>(home) ssh -L 9000:desktop:9001 gateway<br>(gateway) ssh -L 9001:hq:9002 desktop<br>(desktop) ssh -L 9002:webserver:80 hq<br><br>then I could access the remote webserver from the comfort of home using the following URL:<br>
<br> localhost:9000 <br><br>which was forwarded to my desktop on port 9001<br>which was forwarded to an hq machine on port 9002<br>which was forwarded to the realtime webserver on port 80.<br><br>I usually did a final hop to the summit machine to monitor logs but didn't have to forward ports once I was in. I don't recall if I ever had to do it in reverse to get X displays as it was usually too laggy so it was usually VI if I needed to edit anything.<br>
<br>What was tricky was that only some machines honored port forwarding so there was a lot of exploration trying to find the right path.<br><br>Claude<br><br><br><div class="gmail_quote">On Sat, Jan 12, 2013 at 2:30 PM, Lan Dang <span dir="ltr"><<a href="mailto:l.dang@ymail.com" target="_blank">l.dang@ymail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td style="font:inherit" valign="top"><p>So once you have set this up, what do you do to actually use it? You mentioned that you used two aliases.</p>
<p>What does your ssh commandline look like now when you're establishing these connections?</p>
<p>Thanks,</p>
<p>Lan<br>
</p>
</td></tr></tbody></table> <div>
<div>
<br>
<div style="font-family:times new roman,new york,times,serif;font-size:12pt">
<font face="Tahoma">
<hr size="1">
<b>
<span style="font-weight:bold">From:</span>
</b>
Claude Felizardo <<a href="mailto:cafelizardo@gmail.com" target="_blank">cafelizardo@gmail.com</a>>; <br>
<b>
<span>To:</span>
</b>
SGVLUG Discussion List. <<a href="mailto:sgvlug@sgvlug.net" target="_blank">sgvlug@sgvlug.net</a>>; <br>
<div class="im">
<b>
<span>Subject:</span>
</b>
[SGVLUG] example .ssh/config for port forwarding <br>
</div><b>
<span style="font-weight:bold">Sent:</span>
</b>
Sat, Jan 12, 2013 8:08:23 AM <br>
</font><div><div class="h5">
<br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit" valign="top">During the ssh tunneling presentation at the last meeting I mentioned<br>that I set up quite a few forwards when I connect from work to home.<br>
Because I might open multiple connections I don't want to clutter my<br>screen with lots of bind errors because I have already created a<br>listener for the port so I have two aliases. The first just does a<br>simple connect, the other sets up a slew of forward assignments so I<br>
can access multiple devices at home. I can then open a web browser<br>and go to localhost:5001 to connect to my router for example. So<br>here's part of my .ssh/config file:<br><br>ForwardX11 yes<br>ForwardAgent yes<br>
ForwardX11Trusted yes<br><br>Host home<br> Hostname my.ip.at.home<br> Port 5022 <-- use non standard port for ssh<br><br>Host home-forwards<br> Hostname my.ip.at.home<br> Port 5022 <-- use non standard port for ssh<br> # forward connections to TiVos<br>
 LocalForward 5052 10.5.1.52:80 <-- TiVo's have static IP's so I just add my base port number<br> LocalForward 5053 10.5.1.53:80<br>
 LocalForward 5054 10.5.1.54:80<br> # forward router<br> LocalForward 5001 10.5.1.1:80 <-- connect to router<br>
 # forward voice<br> LocalForward 5002 10.5.1.2:80<br> # forward wireless router<br> LocalForward 5004 10.5.1.4:80<br>
 # forward webmin<br> LocalForward 5010 localhost:10000<br><br> # forward voice<br> LocalForward 5254 10.5.1.254:80<br><br># file server<br>
 LocalForward 5100 10.5.1.10:80 <-- web server<br> LocalForward 5122 10.5.1.10:22 <-- ssh<br>
 LocalForward 5110 10.5.1.10:10000 <-- webmin<br><br># hp color printer<br> LocalForward 5211 10.5.1.21:80<br>
<br># ReadyNAS<br> LocalForward 5200 10.5.1.20:80<br> LocalForward 5222 10.5.1.20:22<br> LocalForward 5243 10.5.1.20:443<br>
<br># naspro<br> LocalForward 5300 10.5.1.30:80<br> LocalForward 5322 10.5.1.30:22<br> LocalForward 5343 10.5.1.30:443<br>
<br><br>As you can see this would have required a horrendously long list of<br>-L lport:rhost:rport options.<br><br>Check the man page for ssh. Make note of the difference between -L<br>which opens ports on the local side vs -R which opens ports on the<br>
remote side.<br><br>I'll have to give
the -D option a try when I get a chance.<br><br>Claude<br><br></td>
</tr>
</tbody>
</table>
</div></div></div>
</div>
</div>
</blockquote></div><br>
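The .ssh/config scheme in the quoted post (a base port plus the device's last octet, one Host alias that only connects and a second one that carries all the forwards) and the three-hop chain in the reply, as an added POSIX shell example that is not code from either message or from the list: it generates the Host block from a device list, refuses to write two LocalForward entries on the same local port (the source of the bind errors the post mentions), binds every forward explicitly to 127.0.0.1 so a listener is never exposed on another interface, and expresses the home to gateway to desktop to hq path with ProxyJump (OpenSSH 7.3 and later) instead of one ssh -L per hop. Every hostname and address below is a constructed placeholder, and the global ForwardAgent yes from the post is deliberately left out, since it would hand the agent to every host in the chain.

```shell
#!/bin/sh
# Added example (not from the SGVLUG thread): build an ssh_config Host
# block in the "base port + device octet" style, checking for local
# port collisions first. Names and addresses are constructed placeholders.

# One "name lport rhost rport" per line (constructed sample device list).
FORWARDS='router 5001 10.5.1.1 80
voice 5002 10.5.1.2 80
fileserver-web 5100 10.5.1.10 80
fileserver-ssh 5122 10.5.1.10 22
nas-web 5200 10.5.1.20 80
nas-https 5243 10.5.1.20 443'

# Print each local port that appears more than once (empty = no conflicts).
dup_local_ports() {
    printf '%s\n' "$1" | awk '{print $2}' | sort | uniq -d
}

# Emit "Host <alias>" with one LocalForward per device, bound to loopback.
# Returns 1 without emitting anything if two forwards share a local port,
# which is exactly the case that produces "bind: Address already in use".
emit_host_block() {
    host_alias="$1"; host_name="$2"; host_port="$3"; forwards="$4"
    dups=$(dup_local_ports "$forwards")
    if [ -n "$dups" ]; then
        echo "refusing to emit $host_alias: duplicate local port(s): $dups" >&2
        return 1
    fi
    printf 'Host %s\n' "$host_alias"
    printf '    Hostname %s\n' "$host_name"
    printf '    Port %s\n' "$host_port"
    printf '%s\n' "$forwards" | while read -r name lport rhost rport; do
        [ -n "$name" ] || continue
        printf '    # %s\n' "$name"
        printf '    LocalForward 127.0.0.1:%s %s:%s\n' "$lport" "$rhost" "$rport"
    done
}

# The reply's three-hop path (gateway -> desktop -> hq -> webserver:80)
# written with ProxyJump: "ssh hq" opens the whole chain, and only the
# final hop carries a forward, so nothing listens on the intermediate hosts.
emit_jump_chain() {
    cat <<'EOF'
Host gateway
    Hostname gateway.example.org

Host desktop
    Hostname desktop.example.org
    ProxyJump gateway

Host hq
    Hostname hq.example.org
    ProxyJump desktop
    LocalForward 127.0.0.1:9000 webserver:80
EOF
}

main() {
    emit_host_block home-forwards my.ip.at.home 5022 "$FORWARDS" || exit 1
    echo
    emit_jump_chain
}

main
```

Run it with `sh` and append the output to ~/.ssh/config after reading it over; the `home` alias from the post (no forwards) is the same block with an empty device list. With ProxyJump the listener for localhost:9000 exists only on the machine you typed `ssh hq` on, whereas the manual chain leaves an extra listener on port 9001 and 9002 on the gateway and desktop for as long as those sessions are open.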