SSH tunneling is, I think, one of the most powerful and important features of the SSH protocol. It’s also known as port forwarding. So what is port forwarding? The easiest way to explain this, I think, is by example.
Let’s say you have your own server or a hosting account with shell access at some company. Let’s also say that you have a database server on that server (MySQL, PostgreSQL or the like). For security purposes, the database is set to listen only on localhost. That way, no one can directly connect to your database from the internet.
Typical Single Server Configuration
Another scenario. Let’s say in an office network, the network admin has set up 2 zones: DMZ and Local Office. The office is small enough that they don’t have a VPN set up. You want to access your office workstation from your home, but it lives on the local network.
Local Office – DMZ Network
In the typical single server scenario, you can’t directly connect to MySQL or PostgreSQL from the internet because the servers are set to listen only on the localhost IP (127.0.0.1), which you can’t access from anywhere except from inside the server. You also can’t connect to any computer in the Local Office Network because it is set up on local IPs, which are also not accessible from the internet.
So if you are at home (or anywhere on the internet) and need to access the MySQL or PostgreSQL server, how do you do this?
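The single-server scenario depends on the database really being bound to loopback only, which is worth verifying rather than assuming. The following is an added example, not code from the original post: it parses the output of `ss -ltnH` and reports MySQL or PostgreSQL listeners that are reachable beyond localhost. The sample output is constructed, and the default ports 3306 and 5432 are assumed.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 244 [::1]:5432 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
"""

DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL"}  # assumed default ports


def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN line of `ss -ltnH` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if port.isdigit():
            yield host, int(port)


def is_loopback_only(host):
    """True if the bind address is reachable only from the machine itself."""
    if host == "*":  # wildcard: every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed


def exposed_databases(ss_output):
    """Return sorted (service, address, port) for DB listeners not on loopback."""
    return sorted((DB_PORTS[p], h, p) for h, p in parse_listeners(ss_output)
                  if p in DB_PORTS and not is_loopback_only(h))


if __name__ == "__main__":
    for service, host, port in exposed_databases(SAMPLE_SS_OUTPUT):
        print(f"{service} listens on {host}:{port}, reachable beyond localhost")
```

On a live server, feed it the real output of `ss -ltnH` instead of the sample; an empty result means both databases are bound to loopback as the scenario assumes.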