
What if "host2" has no public ("white") IP address, sits behind NAT, or simply has all incoming connections blocked? Or what if "host2" runs Windows and installing an SSH server on it is not an option?

For this case there is remote TCP forwarding:

Now the ssh connection has to be established in the opposite direction, from "host2" to "host1". That is, our administrative workstation "host1" becomes the SSH server and must be reachable over SSH from "host2", and on "host2" we connect with an SSH client:

host2 # ssh -R 9999:localhost:5432 host1

If "host2" runs Windows …

How it works: the ssh client on "host2" asks the sshd on "host1" to open a listening port 9999 there (by default bound to 127.0.0.1 on "host1", because GatewayPorts is off). Any connection made on "host1" to localhost:9999 is carried back through the ssh session to "host2", where the client connects it to localhost:5432, i.e. to the service running on "host2" itself. The tunnel is thus opened from inside the closed network outwards, but the traffic is used in the other direction.

There are also additional security implications on "host1" if you do not trust "host2": with this setup "host2" holds an SSH login to our administrative workstation, and whatever that account is allowed to do (run commands, request other forwardings), a compromised "host2" can do as well. However, this is beyond the scope of this article.

And, of course, the ssh connection from "host2" has to be initiated somehow (by you, or by someone on that side helping you) by entering the command above, and "host1" must have a public IP address and an open SSH port.

Once the ssh connection is established, everything works the same way as in the previous chapter: on "host1" you connect to localhost:9999 and end up on port 5432 of "host2".
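As an added example (not from the original article) of what "not trusting host2" can mean in practice on "host1": an sshd_config fragment that lets a dedicated account, assumed here to be called tunnel, request exactly the remote forwarding above and nothing else. It assumes OpenSSH 7.8 or newer on "host1" (for PermitListen) and that the key from "host2" is placed only in that account's authorized_keys.

```sshd_config
# /etc/ssh/sshd_config on host1 (added example; the account name "tunnel" is assumed)
# GatewayPorts is left at its default "no", so the -R listener binds to 127.0.0.1 on host1.
Match User tunnel
    # only -R (remote) forwardings may be requested; no -L/-D out of host1
    AllowTcpForwarding remote
    PermitOpen none
    # and the only port host2 may ask host1 to listen on is 9999 on loopback
    PermitListen 127.0.0.1:9999
    # nothing else the session could be abused for
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
```

On "host2" the tunnel is then opened with `ssh -N -o ExitOnForwardFailure=yes -R 9999:localhost:5432 tunnel@host1`: -N requests no shell or command, and ExitOnForwardFailure makes ssh exit with an error instead of silently staying connected if sshd refuses the forwarding (for example because port 9999 is already taken on "host1").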

3) TCP forwarding chain through several nodes

In closed networks it often happens that the node we need is not directly reachable. That is, we can get to the desired host only along a chain, for example host1 → host2 → host3 → host4:

host1 # ssh host2
host2 # ssh host3
host3 # ssh host4
host4 # echo hello host4

This happens, for example, when these nodes are gateways, or when each of them can reach only the gateway of the neighbouring subnet.

In this case we can do TCP forwarding along the chain as well:

Here the ports 9991, 9992 and 9993 are chosen for clarity; in practice you can use the same port on every node (for example 9999), provided it is free on all of them.

In total, the following chain of commands has to be run:

host1 # ssh -L 9991:localhost:9992 host2
host2 # ssh -L 9992:localhost:9993 host3
host3 # ssh -L 9993:localhost:5432 host4

How it works: a connection to localhost:9991 on "host1" enters the first ssh session and comes out on "host2" as a connection to localhost:9992; that port is the listener of the second ssh session, which carries it to "host3" and connects it to localhost:9993; the third session finally delivers it to localhost:5432 on "host4". Each hop only ever talks to its neighbour, which is exactly what the network topology allows.

4) TCP forwarding of ssh connections

Sometimes you need to connect via ssh to a server that is not directly reachable, and access is only possible through a chain of ssh servers (see the previous chapter). We now have the knowledge needed to do the following:

host1 # ssh -L 2222:localhost:2222 host2
host2 # ssh -L 2222:host4:22 host3

The second command forwards, from the point of view of "host3", to port 22 of "host4"; the first one makes that listener on "host2" reachable as localhost:2222 on "host1". A connection to port 2222 on localhost from "host1" therefore ends up at the sshd of "host4".
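As an added example (not part of the original article), here is a small POSIX shell script that generates the per-hop commands of chapters 3 and 4 for a chain of any length, with either port scheme from chapter 3 (a fresh port per hop, or one port everywhere). The host names are the article's; the account, the `-N`/`ExitOnForwardFailure` options in the usage note and the assumption that the chosen ports are free on every hop are mine. The proxyjump_cmd function shows the ProxyJump (-J) one-liner of newer OpenSSH clients (7.3 and later), an alternative the article does not cover.

```shell
#!/bin/sh
# Added example, not code from the original article. It generates the per-hop
# "ssh -L" commands for a forwarding chain, for both cases the article shows:
#   chapter 3: host1 -> host2 -> host3 -> host4, service on host4:5432,
#              a fresh port on every hop (9991, 9992, 9993);
#   chapter 4: host1 -> host2 -> host3, then to host4:22 as seen from host3,
#              the same port (2222) on every hop.
# Assumed (not stated on the page): each hop can reach the next one by the
# given name, and the chosen ports are free on every hop.

# chain_cmds PORT STEP TARGET TARGET_PORT HOST1 HOST2 ... HOSTN
#   PORT                listener port on HOST1 (and, with STEP=0, on every hop)
#   STEP                how much the port grows per hop (0 = reuse the same port)
#   TARGET:TARGET_PORT  final destination as seen from HOSTN
#   HOST1..HOSTN        the ssh hops; the command for hop k is typed on HOSTk
#                       and connects to HOSTk+1, so N-1 commands are printed.
chain_cmds() {
    port=$1; step=$2; target=$3; target_port=$4; shift 4
    while [ $# -gt 1 ]; do
        here=$1; next=$2
        if [ $# -eq 2 ]; then
            # last hop: the tunnel ends at the real service, resolved on $next
            printf '%s # ssh -L %s:%s:%s %s\n' "$here" "$port" "$target" "$target_port" "$next"
        else
            # intermediate hop: hand the connection to the listener that the
            # next command will open on $next
            next_port=$((port + step))
            printf '%s # ssh -L %s:localhost:%s %s\n' "$here" "$port" "$next_port" "$next"
            port=$next_port
        fi
        shift
    done
}

# proxyjump_cmd TARGET HOP1 ... HOPN: one ssh invocation on the first host that
# hops through HOP1..HOPN and lands on TARGET (OpenSSH 7.3 and later). No ports
# have to be chosen and nothing is left listening on the intermediate hosts.
proxyjump_cmd() {
    target=$1; shift
    jumps=$(printf '%s,' "$@")          # "host2,host3,"
    printf 'ssh -J %s %s\n' "${jumps%,}" "$target"
}

# Usage: reproduce the article's two chains, then the chapter 4 final step.
chain_cmds 9991 1 localhost 5432 host1 host2 host3 host4
echo
chain_cmds 2222 0 host4 22 host1 host2 host3
echo 'host1 # ssh -p 2222 localhost'    # this now reaches the sshd of host4
echo
proxyjump_cmd host4 host2 host3
```

For tunnel-only sessions on the intermediate hops it is worth adding `-N -o ExitOnForwardFailure=yes` to each generated command: `-N` opens no shell, and `ExitOnForwardFailure` makes ssh exit with an error if the `-L` port is already taken on that hop, instead of leaving a session that looks fine but forwards nothing.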