| version 1.401, 2019/03/05 16:17:12 |
version 1.402, 2019/03/16 19:14:21 |
|
|
| when errors are being written to stderr. |
when errors are being written to stderr. |
| .El |
.El |
| .Sh TCP FORWARDING |
.Sh TCP FORWARDING |
| Forwarding of arbitrary TCP connections over the secure channel can |
Forwarding of arbitrary TCP connections over a secure channel |
| be specified either on the command line or in a configuration file. |
can be specified either on the command line or in a configuration file. |
| One possible application of TCP forwarding is a secure connection to a |
One possible application of TCP forwarding is a secure connection to a |
| mail server; another is going through firewalls. |
mail server; another is going through firewalls. |
| .Pp |
.Pp |
| In the example below, we look at encrypting communication between |
In the example below, we look at encrypting communication for an IRC client, |
| an IRC client and server, even though the IRC server does not directly |
even though the IRC server it connects to does not directly |
| support encrypted communications. |
support encrypted communication. |
| This works as follows: |
This works as follows: |
| the user connects to the remote host using |
the user connects to the remote host using |
| .Nm , |
.Nm , |
| specifying a port to be used to forward connections |
specifying the ports to be used to forward the connection. |
| to the remote server. |
After that it is possible to start the program locally, |
| After that it is possible to start the service which is to be encrypted |
|
| on the client machine, |
|
| connecting to the same local port, |
|
| and |
and |
| .Nm |
.Nm |
| will encrypt and forward the connection. |
will encrypt and forward the connection to the remote server. |
| .Pp |
.Pp |
| The following example tunnels an IRC session from client machine |
The following example tunnels an IRC session from the client |
| .Dq 127.0.0.1 |
to an IRC server at |
| (localhost) |
|
| to remote server |
|
| .Dq server.example.com : |
|
| .Bd -literal -offset 4n |
|
| $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 |
|
| $ irc -c '#users' -p 1234 pinky 127.0.0.1 |
|
| .Ed |
|
| .Pp |
|
| This tunnels a connection to IRC server |
|
| .Dq server.example.com , |
.Dq server.example.com , |
| joining channel |
joining channel |
| .Dq #users , |
.Dq #users , |
| nickname |
nickname |
| .Dq pinky , |
.Dq pinky , |
| using port 1234. |
using the standard IRC port, 6667: |
| It doesn't matter which port is used, |
.Bd -literal -offset 4n |
| as long as it's greater than 1023 |
$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 |
| (remember, only root can open sockets on privileged ports) |
$ irc -c '#users' pinky IRC/127.0.0.1 |
| and doesn't conflict with any ports already in use. |
.Ed |
| The connection is forwarded to port 6667 on the remote server, |
|
| since that's the standard port for IRC services. |
|
| .Pp |
.Pp |
| The |
The |
| .Fl f |
.Fl f |
|
|
| .Dq sleep 10 |
.Dq sleep 10 |
| is specified to allow an amount of time |
is specified to allow an amount of time |
| (10 seconds, in the example) |
(10 seconds, in the example) |
| to start the service which is to be tunnelled. |
to start the program which is going to use the tunnel. |
| If no connections are made within the time specified, |
If no connections are made within the time specified, |
| .Nm |
.Nm |
| will exit. |
will exit. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh