Version 5 (modified by jazz, 13 years ago)

2011-10-30

SSH Port Forward

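  • <Scenario> Some network environments are locked down very tightly, for example blocking the VNC ports (5800~59); in that case SSH tunneling through the firewall is the only option.
  • <Solution> Syntax: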
    ssh -L 5902:localhost:5901 user@A.B.C.D
    
      +-------------------+                      +-------------------------+
      |                   |          Firewall    |                         |
      |         vncviewer +-------------XX       + 0.0.0.0:5901 vnc server |
      |                   |             ||       |                         |
      |        ssh client +-------------OO-------+ 0.0.0.0:22   ssh server |
      |                   |             ||       |                         |
      +-------------------+                      +-------------------------+
           My Notebook                                   Public Server
            localhost                               IP address : A.B.C.D
    
                                        |||
             on localhost               |||
         Run following command          |||
      'ssh -L 5902:localhost:5901       |||
            user@A.B.C.D'              VVVVV
                                        VVV
                                         V
    
      +-------------------+                      +-------------------------+
      |                   |          Firewall    |                         |
      |  + 127.0.0.1:5902 +===+         ||   +===+ 0.0.0.0:5901 vnc server |
      |  |                |   |         ||   |   |                         |
      |  |     ssh client +---+---------OO---+---+ 0.0.0.0:22   ssh server |
      |  |                |             ||       |                         |
      |  +----- vncviewer |             ||       |                         |
      +-------------------+                      +-------------------------+
           My Notebook                                   Public Server
            localhost                               IP address : A.B.C.D
    
  • This is another scenario, drawn on 2009-02-28; redrawing it here may make it clearer. The relationship between the three machines:
      +-----------------+  NAT                               Firewall +--------------------------+
      |                 |  ||                                   ||    |                          |
      |    web browser  +--OO---------------------------------->XX    + 0.0.0.0:80 web server    |
      |                 |  ||                                   ||    |                          |
      |                 |  ||   +--------------------------+    ||    |                          |
      |                 |  ||   |                          |    ||    |                          |
      |                 |  ||   |      [ ssh server ]      |    ||    |                          |
      |      ssh client +--OO-->+ 0.0.0.0:22    0.0.0.0:22 +<---OO----+ ssh client               |
      |                 |  ||   |                          |    ||    |                          |
      |                 |  ||   |               ssh client +--->XX    + 0.0.0.0:22 ssh server    |
      |                 |  ||   |                          |    ||    |                          |
      +-----------------+  ||   +--------------------------+    ||    +--------------------------+
    
          My Notebook                  Public Server                         Private Server
           localhost                IP address : A.B.C.D                  ( private IP address )
    
                                           |||                              on Private Server
                                           |||                            run following commands
                                           |||           'nohup ssh -f -N -R 10000:localhost:22 user@A.B.C.D'
                                           |||                            to generate forward ****
                                           |||
                                          VVVVV   'nohup ssh -f -N -R A.B.C.D:8123:localhost:80 user@A.B.C.D'
                                           VVV                            to generate forward ====
                                            V
    
      +-----------------+  NAT  +--------------------------+ Firewall +--------------------------+
      |                 |  ||   |                          |    ||    |                          |
      |    web browser  +--OO-->+ A.B.C.D:8123             +==+ || +==+ 0.0.0.0:80 web server    |
      |                 |  ||   |                          |  | || |  |                          |
      |                 |  ||   |      [ ssh server ]      |  | || |  |                          |
      |      ssh client +--OO-->+ 0.0.0.0:22    0.0.0.0:22 +<-+-OO-+--+ ssh client               |
      |                 |  ||   |                          |  | || |  |                          |
      |                 |  ||   |    +--------  ssh client |  | || |  |                          |
      |                 |  ||   |    |                     |  | || |  |                          |
      |                 |  ||   |    +---> 127.0.0.1:10000 +**+ || +**+ 0.0.0.0:22 ssh server    |
      |                 |  ||   |                          |    ||    |                          |
      +-----------------+  ||   +--------------------------+    ||    +--------------------------+
    
          My Notebook                  Public Server                         Private Server
           localhost                IP address : A.B.C.D                  ( private IP address )
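
Which address each forward actually listens on decides who can reach the tunnelled service, and for `-R` that is controlled by `GatewayPorts` in the public server's sshd_config rather than by the client. The following is an added example, not part of the original page: `effective_listener` is a hypothetical helper name, and it handles IPv4 addresses and hostnames only.

```shell
#!/bin/sh
# Added example (not from the original page): where does the listening socket
# of an ssh -L / -R forward end up, and is it reachable from other hosts?
#
# effective_listener MODE SPEC [GATEWAYPORTS]
#   MODE          L (socket opened by the ssh client) or R (opened by sshd)
#   SPEC          [bind_address:]port:host:hostport, IPv4/hostnames only
#   GATEWAYPORTS  GatewayPorts on the listening side: no (default) | yes |
#                 clientspecified (the last value exists only in sshd_config)
# Prints "<side> <address>:<port> <loopback|exposed>".
effective_listener() {
    mode=$1 spec=$2 gw=${3:-no}
    set -f; old_ifs=$IFS; IFS=:     # split on ':' without globbing '*'
    set -- $spec
    IFS=$old_ifs; set +f
    case $# in
        3) has_bind=0; bind=;   port=$1 ;;
        4) has_bind=1; bind=$1; port=$2 ;;
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac
    # An empty bind_address or '*' means "all interfaces".
    case $bind in ''|'*') want=0.0.0.0 ;; *) want=$bind ;; esac
    case $mode in
        L)  side=client
            # An explicit bind_address wins; otherwise GatewayPorts decides.
            if [ "$has_bind" = 1 ]; then addr=$want
            elif [ "$gw" = yes ]; then addr=0.0.0.0
            else addr=127.0.0.1; fi ;;
        R)  side=server
            # sshd decides: 'no' forces loopback, 'yes' forces the wildcard,
            # 'clientspecified' honours the bind_address the client sent.
            case $gw in
                yes) addr=0.0.0.0 ;;
                clientspecified)
                    if [ "$has_bind" = 1 ]; then addr=$want
                    else addr=127.0.0.1; fi ;;
                *) addr=127.0.0.1 ;;
            esac ;;
        *)  echo "MODE must be L or R" >&2; return 2 ;;
    esac
    case $addr in 127.*|localhost) scope=loopback ;; *) scope=exposed ;; esac
    printf '%s %s:%s %s\n' "$side" "$addr" "$port" "$scope"
}

# The three forwards drawn on this page:
effective_listener L 5902:localhost:5901
effective_listener R 10000:localhost:22
effective_listener R A.B.C.D:8123:localhost:80 clientspecified
```

On the public server, `sshd -T | grep -i gatewayports` prints the value sshd is actually using; with the default `no`, the 8123 listener stays on loopback and the web browser in the diagram cannot reach it.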
    
