
2011-10-30

SSH Port Forward

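  • <Scenario> Some networks are locked down tightly, for example blocking the VNC ports (5800~59), in which case the only option is to tunnel through the firewall with SSH.
  • <Solution> Syntax: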
    ssh -L 5902:localhost:5901 user@A.B.C.D
    
      +--------------------+                      +-------------------------+
      |                    |          Firewall    |                         |
      |          vncviewer +------------>XX       + 0.0.0.0:5901 vnc server |
      |                    |             ||       |                         |
      |         ssh client +-------------OO------>+ 0.0.0.0:22   ssh server |
      |                    |             ||       |                         |
      +--------------------+                      +-------------------------+
           My Notebook                                   Public Server
            localhost                               IP address : A.B.C.D
    
                                         |||
             on localhost                |||
         Run following command           |||
      'ssh -L 5902:localhost:5901        |||
            user@A.B.C.D'               VVVVV
                                         VVV
                                          V
    
      +--------------------+                      +-------------------------+
      |                    |          Firewall    |                         |
      | +-> 127.0.0.1:5902 +==>+         ||   +<==+ 0.0.0.0:5901 vnc server |
      | |                  |   |         ||   |   |                         |
      | |       ssh client +---+-------->OO---+-->+ 0.0.0.0:22   ssh server |
      | |                  |             ||       |                         |
      | +------- vncviewer |             ||       |                         |
      +--------------------+                      +-------------------------+
           My Notebook                                   Public Server
            localhost                               IP address : A.B.C.D
    
  • This is another scenario, drawn on 2009-02-28; redrawing it here may make it clearer. The relationship between the three computers:
      +-----------------+  NAT                               Firewall +--------------------------+
      |                 |  ||                                   ||    |                          |
      |    web browser  +--OO---------------------------------->XX    + 0.0.0.0:80 web server    |
      |                 |  ||                                   ||    |                          |
      |                 |  ||   +--------------------------+    ||    |                          |
      |                 |  ||   |                          |    ||    |                          |
      |                 |  ||   |      [ ssh server ]      |    ||    |                          |
      |      ssh client +--OO-->+ 0.0.0.0:22    0.0.0.0:22 +<---OO----+ ssh client               |
      |                 |  ||   |                          |    ||    |                          |
      |                 |  ||   |               ssh client +--->XX    + 0.0.0.0:22 ssh server    |
      |                 |  ||   |                          |    ||    |                          |
      +-----------------+  ||   +--------------------------+    ||    +--------------------------+
    
          My Notebook                  Public Server                         Private Server
           localhost                IP address : A.B.C.D                  ( private IP address )
    
                                           |||                              on Private Server
                                           |||                            run following commands
                                           |||           'nohup ssh -f -N -R 10000:localhost:22 user@A.B.C.D'
                                           |||                            to generate forward ****
                                           |||
                                          VVVVV   'nohup ssh -f -N -R A.B.C.D:8123:localhost:80 user@A.B.C.D'
                                           VVV                            to generate forward ====
                                            V
    
      +-----------------+  NAT  +--------------------------+ Firewall +--------------------------+
      |                 |  ||   |                          |    ||    |                          |
      |    web browser  +--OO-->+ A.B.C.D:8123             +==+ || +==+ 0.0.0.0:80 web server    |
      |                 |  ||   |                          |  | || |  |                          |
      |                 |  ||   |      [ ssh server ]      |  | || |  |                          |
      |      ssh client +--OO-->+ 0.0.0.0:22    0.0.0.0:22 +<-+-OO-+--+ ssh client               |
      |                 |  ||   |                          |  | || |  |                          |
      |                 |  ||   |    +--------  ssh client |  | || |  |                          |
      |                 |  ||   |    |                     |  | || |  |                          |
      |                 |  ||   |    +---> 127.0.0.1:10000 +**+ || +**+ 0.0.0.0:22 ssh server    |
      |                 |  ||   |                          |    ||    |                          |
      +-----------------+  ||   +--------------------------+    ||    +--------------------------+
    
          My Notebook                  Public Server                         Private Server
           localhost                IP address : A.B.C.D                  ( private IP address )
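
Both -R forwards above make sshd open listening sockets on the Public Server, and the A.B.C.D:8123 bind is honoured only when that server's sshd has GatewayPorts enabled (otherwise sshd binds the listener to loopback). The shell function below is an added example, not part of the original page: run on the Public Server, it reads `ss -Hltnp` output and reports whether each sshd-owned forward listener is loopback-only or reachable from other hosts. The sample lines, the PIDs and 203.0.113.10 (standing in for A.B.C.D) are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Run on the Public Server.
# Each `ssh -R` session makes sshd open a listening socket there; this
# reports where each of those sockets is actually bound.

# classify_listeners [SSHD_PORT]
#   stdin : output of `ss -Hltnp` (no header; column 4 = local addr:port)
#   stdout: "<addr:port> loopback|exposed", one line per forward listener
#   SSHD_PORT (default 22) is the SSH service port itself and is skipped.
classify_listeners() {
    awk -v dport="${1:-22}" '
        /users:\(\("sshd/ {               # socket owned by an sshd process
            n = split($4, part, ":")      # port is the last ":" field
            if (part[n] == dport) next    # the SSH service itself
            if ($4 ~ /^127\./ || $4 ~ /^\[::1\]/)
                print $4, "loopback"      # only local users can connect
            else
                print $4, "exposed"       # reachable from other hosts
        }'
}

# Constructed sample of `ss -Hltnp` output on the Public Server after both
# -R commands from the diagram have connected (GatewayPorts enabled).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 128 127.0.0.1:10000 0.0.0.0:* users:(("sshd",pid=2210,fd=9))
LISTEN 0 128 203.0.113.10:8123 0.0.0.0:* users:(("sshd",pid=2255,fd=9))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=900,fd=6))
EOF
}

# Live use (root is needed to see process names):
#   ss -Hltnp | classify_listeners
sample_ss_output | classify_listeners
```

An "exposed" line for port 8123 means the Private Server's web server is reachable by anyone who can reach A.B.C.D, so access control has to happen on the web server or in the Public Server's firewall.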
    
Last modified on Oct 30, 2011, 11:36:07 PM
