
Understanding SSH Tunneling.

Posted: Sunday, January 11th, 2009 at 12:01 am
Updated: Friday, January 30th, 2009 at 10:08 pm

SSH tunneling is, I think, one of the most powerful and important features of the SSH protocol. It’s also known as port forwarding. So what is port forwarding? The easiest way to explain it, I think, is by example.

Let’s say you have your own server or a hosting account with shell access at some company. Let’s also say that you have a database server on the server (MySQL, PostgreSQL or the like). For security purposes, the database is set to listen only on localhost. That way, no one can directly connect to your database from the internet.

[Figure: Typical Single Server Configuration]

Another scenario. Let’s say that in an office network, the network admin has set up 2 zones: DMZ and Local Office. The office is small enough that they don’t have a VPN set up. You want to access your office workstation from your home, but it lives on the local network.

[Figure: Local Office – DMZ Network]

In the typical single server scenario, you can’t directly connect to MySQL or PostgreSQL from the internet because the servers are set to listen only on the localhost IP (127.0.0.1), which you can’t access from anywhere except from inside the server. You also can’t connect to any computer in the Local Office Network because it is set up on a local IP, which is also not accessible from the internet.
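The single server scenario only holds if the database really is bound to loopback and nothing else. As an added example (not part of the original post), this shell function reads `ss -ltn` output and reports any MySQL or PostgreSQL listener on a non-loopback address; the default ports 3306 and 5432 and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the database ports are bound to loopback only.
# Reads `ss -ltn` output on stdin and prints "PORT ADDRESS" for every
# watched port that is listening on something other than 127.0.0.0/8 or ::1.
# Ports default to 3306 (MySQL) and 5432 (PostgreSQL); pass your own as $1.
exposed_db_listeners() {
    awk -v ports="${1:-3306 5432}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
        ep = $4                          # local endpoint, e.g. 127.0.0.1:3306
        pos = match(ep, /:[0-9]+$/)      # last colon splits address from port
        if (pos == 0) next
        addr = substr(ep, 1, pos - 1)
        port = substr(ep, pos + 1)
        sub(/%.*$/, "", addr)            # drop interface scope (127.0.0.1%lo)
        if (!(port in want)) next        # not a database port we care about
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        print port, addr                 # reachable from other hosts
    }'
}

# Constructed sample of `ss -ltn` output: MySQL is bound to loopback,
# PostgreSQL is bound to every IPv4 interface as well as IPv6 loopback.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       244     0.0.0.0:5432        0.0.0.0:*
LISTEN  0       244     [::1]:5432          [::]:*
EOF
}

# On the server itself: ss -ltn | exposed_db_listeners
sample_ss_output | exposed_db_listeners
```

An empty result means every watched port is loopback-only; any line printed is a listener that a host firewall or the database's bind setting still has to close off.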

So if you are at home (or anywhere on the internet) and need to access the MySQL or PostgreSQL server, how do we do this?


2 Responses to “Understanding SSH Tunneling.”

  1. Zack Says:

    Very helpful. I have been trying to get a grasp on this topic, and this helped clarify what the source and destination ports meant and how the ssh server fits into all of this.

    Thanks

  2. Arindam Says:

    This is helpful .. very helpful. Thanks a lot.
