= 2011-10-30 =

== SSH Port Forward ==

 * <Scenario> Some network environments are locked down tightly, for example by blocking the VNC ports (5800~59**). In that case the only option is to tunnel through the firewall over SSH.
 * <Solution> Syntax:
{{{
ssh -L 5902:localhost:5901 user@A.B.C.D
}}}
{{{
#!txt
+-------------------+                      +-------------------------+
|                   |          Firewall    |                         |
|     vncviewer     +-------------XX       + 0.0.0.0:5901 vnc server |
|                   |             ||       |                         |
|    ssh client     +-------------OO-------+ 0.0.0.0:22   ssh server |
|                   |             ||       |                         |
+-------------------+                      +-------------------------+
     My Notebook                                  Public Server
      localhost                               IP address : A.B.C.D

                              |||  on localhost
                              |||  Run following command
                              |||  'ssh -L 5902:localhost:5901
                              |||   user@A.B.C.D'
                             VVVVV
                              VVV
                               V

+-------------------+                      +-------------------------+
|                   |          Firewall    |                         |
| + 127.0.0.1:5902  +===+         ||   +===+ 0.0.0.0:5901 vnc server |
| |                 |   |         ||   |   |                         |
| |   ssh client    +---+---------OO---+---+ 0.0.0.0:22   ssh server |
| |                 |             ||       |                         |
| +----- vncviewer  |             ||       |                         |
+-------------------+                      +-------------------------+
     My Notebook                                  Public Server
      localhost                               IP address : A.B.C.D
}}}
 * This is another scenario, originally drawn on [wiki:jazz/09-02-28 2009-02-28]. Redrawing it here may make it clearer. The relationship among the three machines:
{{{
+-----------------+  NAT                               Firewall +--------------------------+
|                 |  ||                                   ||    |                          |
|   web browser   +--OO---------------------------------->XX    + 0.0.0.0:80    web server |
|                 |  ||                                   ||    |                          |
|                 |  ||   +--------------------------+    ||    |                          |
|                 |  ||   |                          |    ||    |                          |
|                 |  ||   |      [ ssh server ]      |    ||    |                          |
|   ssh client    +--OO-->+ 0.0.0.0:22    0.0.0.0:22 +<---OO----+ ssh client               |
|                 |  ||   |                          |    ||    |                          |
|                 |  ||   |               ssh client +--->XX    + 0.0.0.0:22    ssh server |
|                 |  ||   |                          |    ||    |                          |
+-----------------+  ||   +--------------------------+    ||    +--------------------------+
    My Notebook                  Public Server                         Private Server
     localhost                IP address : A.B.C.D                 ( private IP address )

                 |||    on Private Server
                 |||    run following commands
                 |||    'nohup ssh -f -N -R 10000:localhost:22 user@A.B.C.D'
                 |||    to generate forward ****
                 |||
                VVVVV   'nohup ssh -f -N -R A.B.C.D:8123:localhost:80 user@A.B.C.D'
                 VVV    to generate forward ====
                  V

+-----------------+  NAT  +--------------------------+ Firewall +--------------------------+
|                 |  ||   |                          |    ||    |                          |
|   web browser   +--OO-->+ A.B.C.D:8123             +==+ || +==+ 0.0.0.0:80    web server |
|                 |  ||   |                          |  | || |  |                          |
|                 |  ||   |      [ ssh server ]      |  | || |  |                          |
|   ssh client    +--OO-->+ 0.0.0.0:22    0.0.0.0:22 +<-+-OO-+--+ ssh client               |
|                 |  ||   |                          |  | || |  |                          |
|                 |  ||   | +-------- ssh client     |  | || |  |                          |
|                 |  ||   | |                        |  | || |  |                          |
|                 |  ||   | +---> 127.0.0.1:10000    +**+ || +**+ 0.0.0.0:22    ssh server |
|                 |  ||   |                          |    ||    |                          |
+-----------------+  ||   +--------------------------+    ||    +--------------------------+
    My Notebook                  Public Server                         Private Server
     localhost                IP address : A.B.C.D                 ( private IP address )
}}}
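
Added example (not part of the original notes): a shell function that reads the `-L` / `-R` specs used above and reports which machine opens the listener and whether it is bound to loopback only, which is the difference between the `****` forward (127.0.0.1:10000) and the `====` forward (A.B.C.D:8123) in the diagram. The function name `classify_forward` and its output format are made up for this illustration, and it assumes the stock `GatewayPorts no` default when no bind address is given.

```shell
#!/bin/sh
# Added example (not from the original page): report where an ssh -L / -R
# forward listens. Supports [bind_address:]port:host:hostport with IPv4
# addresses or hostnames; bracketed IPv6 and Unix sockets are out of scope.

classify_forward() (
    flag=$1 spec=$2
    case $flag in
        -L) side=client ;;   # listener opens on the machine running ssh
        -R) side=server ;;   # listener opens on the sshd host
        *)  echo "flag must be -L or -R" >&2; exit 2 ;;
    esac
    IFS=:; set -f
    set -- $spec             # split the spec on ':' (an empty bind field is kept)
    case $# in
        3) bind=127.0.0.1; port=$1; host=$2; hport=$3 ;;  # no bind given: loopback
        4) bind=${1:-*};   port=$2; host=$3; hport=$4 ;;  # empty bind = all interfaces
        *) echo "unsupported spec: $spec" >&2; exit 2 ;;
    esac
    for p in "$port" "$hport"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; exit 2 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; exit 2; }
    done
    case $bind in
        localhost|127.*) reach=loopback-only ;;
        *)               reach=network-reachable ;;
    esac
    echo "$side $bind:$port -> $host:$hport $reach"
)

# The three forwards used on this page.
for args in "-L 5902:localhost:5901" \
            "-R 10000:localhost:22" \
            "-R A.B.C.D:8123:localhost:80"; do
    classify_forward $args
done
```

A `network-reachable` result for `-R` only takes effect when sshd on the listening host has `GatewayPorts` set to `yes` or `clientspecified`; with the default `no`, sshd binds the remote listener to loopback regardless of the requested address.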