[oclug] ssh portforwarding.

Dave O'Neill dmo at magma.ca
Wed Jan 28 16:14:48 EST 2004


On Wed, Jan 28, 2004 at 04:16:03PM -0500, Matt Rose wrote:
> 
> Is this possible?
> 
> I want to be able to view the web page of an IP phone behind a linux
> firewall.  I figure I can do this using ssh, but I have no idea how.  The
> phone isn't running SSH, but I should be able to just use ssh to tunnel
> port 80 from the phone, to a port on the linux firewall, but I have no
> idea of the exact ssh syntax, or where to call it from.  Can anyone help?

Yep, what you want is in the -L option of SSH.  Something like:

  # ssh -L 8080:internalserver:80  gate.example.com

will redirect port 80 of internalserver to port 8080 on your local
machine.  The 'internalserver' hostname gets resolved on the
gate.example.com machine, so you can use internal DNS names when running
the ssh command.

Once you've done that, you'll be able to connect to port 8080 on your
local machine, and it will be forwarded via SSH through gate.example.com
to internalserver as long as your SSH session is active.  Note that
while the connection will be encrypted between your machine and
gate.example.com, it won't be between gate.example.com and
internalserver.

If you want to do this a lot, you might want to add an entry to your
.ssh/config like:

Host gate-withtunnel
	HostName gate.example.com
	LocalForward 8080 internalserver:80

Then you'll be able to connect with 

  # ssh gate-withtunnel

If you just want to forward a port and don't actually want a shell on
your gateway machine, you can add the -f (automatically background the
ssh command after asking for passwords/passphrases) and -N (don't
execute a command on the remote server) options, like so:

  # ssh -fN gate-withtunnel

Dave
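
An added example, not part of the original post: a small audit that lists each LocalForward in an ssh client config and reports which interface its listener binds to, since a forward bound beyond loopback makes the tunnelled web page reachable by other hosts on your network. The function names and the `gate-pinned` and `gate-shared` entries are hypothetical; only `gate-withtunnel` comes from the message above.

```sh
#!/bin/sh
# Added example, not from the original post. Reports where each LocalForward
# in an ssh client config listens. Per ssh_config(5): a bare port follows
# GatewayPorts (loopback unless that is enabled), "localhost" stays local,
# and an empty address or "*" listens on all interfaces.

sample_config() {    # constructed sample; first entry is the one from the post
    cat <<'EOF'
Host gate-withtunnel
    HostName gate.example.com
    LocalForward 8080 internalserver:80

# hypothetical variants for comparison
Host gate-pinned
    HostName gate.example.com
    LocalForward 127.0.0.1:8081 internalserver:80
Host gate-shared
    HostName gate.example.com
    localforward=*:8082 internalserver:80
EOF
}

audit_forwards() {   # reads ssh_config text on stdin, one line per forward
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment or blank line
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        sub(/[ \t]*=[ \t]*/, " ", line)      # accept the "Keyword=value" form
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1])                  # keywords are case-insensitive
        if (key == "host") { host = f[2]; next }
        if (key != "localforward" || n < 3) next
        listen = f[2]; target = f[3]; verdict = "default"; port = listen
        if (match(listen, /:[0-9]+$/)) {     # explicit bind_address:port
            bind = substr(listen, 1, RSTART - 1)
            port = substr(listen, RSTART + 1)
            if (bind == "localhost" || bind == "127.0.0.1" || bind == "[::1]")
                verdict = "loopback"
            else if (bind == "" || bind == "*" || bind == "0.0.0.0" || bind == "[::]")
                verdict = "ALL-INTERFACES"
            else
                verdict = "address:" bind
        }
        printf "%s %s -> %s %s\n", host, port, target, verdict
    }'
}

sample_config | audit_forwards
```

To check a real file, feed it on stdin, for example `audit_forwards < ~/.ssh/config`.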


