1. Problem description
My desktop manages two virtual machines (A and B) through different VPNs. Virtual machines A and B cannot communicate with each other. I want to use an ssh tunnel, with my desktop as the intermediate machine, so that A and B can communicate and copy files to each other.
2. Environmental information
After connecting to the VPN, log in to virtual machine A and note the following information:
Connecting to 10.202.1.126:7009...
Connection established.
To escape to local shell, press Ctrl+Alt+].
Last login: Tue Jul 11 11:15:54 2023 from 10.110.110.24
From this we learn:
Desktop IP (the address virtual machine A sees for the desktop once the VPN is connected): 10.110.110.24
IP and ssh port of virtual machine A: 10.202.1.126:7009
The IP and ssh port of virtual machine B are just as easy to obtain: 192.168.40.10:22
3. Solution ideas
Establish a local forwarding tunnel to B on the desktop computer. For example, use port 9998 to connect to B's ssh port 22. In this way, when A accesses the 9998 port of the desktop computer, it will be directly connected to B's ssh port.
4. Operation
4.1 Establish local forwarding tunnel
Without further ado, let’s get started:
Enter the following ssh command in the desktop cmd command line to establish a local forwarding tunnel to B.
ssh -f -N -L 10.110.110.24:9998:192.168.40.10:22 [email protected]
C:\Users\Administrator>ssh -f -N -L 10.110.110.24:9998:192.168.40.10:22 [email protected]
[email protected]'s password:
After pressing Enter, you need to enter the login password of virtual machine B to authenticate the tunnel.
At this point, check the listening port on the desktop:
C:\Users\Administrator>netstat -an|findstr 9998
TCP 10.110.110.24:9998 0.0.0.0:0 LISTENING
4.2 Using tunnels for scp
Do the following on virtual machine A:
[root@node1 tmp]# scp -P 9998 /tmp/999.txt [email protected]:/tmp
Are you sure you want to continue connecting (yes/no)? yes
[email protected]'s password:
999.txt 100% 4 0.7KB/s 00:00
[root@node1 tmp]#
Explanation: scp copies the file /tmp/999.txt to the /tmp directory at the desktop's 10.110.110.24:9998.
Because the desktop has set up the local forward, 10.110.110.24:9998 is tunneled to virtual machine B at 192.168.40.10:22, so a copy addressed to 10.110.110.24:9998 goes straight to the ssh port of virtual machine B. When prompted, enter the username and password of virtual machine B for authentication.
5. Verification
Log in to virtual machine B and verify the result:
[root@others tmp]# ip a |grep 192
inet 192.168.40.10/24 brd 192.168.40.255 scope global noprefixroute ens33
[root@others tmp]# ll /tmp/999.txt
-rw-r--r-- 1 root root 4 Jul 13 14:28 /tmp/999.txt
You can see that the file 999.txt has been copied over from virtual machine A, which could not communicate with virtual machine B before.
6. Reminder
When establishing a tunnel, you need to specify the IP of the desktop:
ssh -f -N -L 10.110.110.24:9998:192.168.40.10:22 [email protected]
Otherwise it will look like this:
ssh -f -N -L 9988:192.168.40.10:22 [email protected]
C:\Users\Administrator>netstat -an|findstr 9988
TCP 127.0.0.1:9988 0.0.0.0:0 LISTENING
TCP [::1]:9988 [::]:0 LISTENING
In this case, port 9988 on the desktop listens only on the loopback address 127.0.0.1, so virtual machine A cannot connect.
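The following added example (not part of the original article) parses the two -L arguments used above and compares the expected listen scope with the netstat lines shown on this page. The function names are hypothetical, and it assumes the OpenSSH client default of GatewayPorts "no", under which a forward without a bind address listens on loopback only.

```python
import ipaddress
import re

def parse_local_forward(spec):
    """Split the TCP form of an ssh -L argument: [bind_address:]port:host:hostport."""
    parts = re.findall(r"\[[^\]]*\]|[^:]+", spec)  # keeps bracketed IPv6 whole
    if spec.startswith(":"):          # empty bind_address means all interfaces
        parts.insert(0, "*")
    if len(parts) == 3:               # no bind_address given
        parts.insert(0, None)
    if len(parts) != 4:
        raise ValueError(f"not a -L forward spec: {spec!r}")
    bind, port, host, hostport = parts
    return bind, int(port), host.strip("[]"), int(hostport)

def address_scope(addr):
    """Classify a listen address by who can reach a socket bound to it."""
    if addr is None or addr == "localhost":
        return "loopback"             # assumption: GatewayPorts left at "no"
    if addr == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return "unresolved-name"      # a hostname; not resolved offline
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "single-interface"

def listening_addresses(netstat_output, port):
    """Return local addresses with a LISTENING TCP socket on port (netstat -an)."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, p = fields[1].rpartition(":")
            if p == str(port):
                found.append(addr.strip("[]"))
    return found

# netstat lines as shown on this page for the two tunnels
NETSTAT = """\
TCP 10.110.110.24:9998 0.0.0.0:0 LISTENING
TCP 127.0.0.1:9988 0.0.0.0:0 LISTENING
TCP [::1]:9988 [::]:0 LISTENING
"""

if __name__ == "__main__":
    for spec in ("10.110.110.24:9998:192.168.40.10:22", "9988:192.168.40.10:22"):
        bind, port, host, hostport = parse_local_forward(spec)
        seen = [(a, address_scope(a)) for a in listening_addresses(NETSTAT, port)]
        print(f"{spec}: expected {address_scope(bind)}, netstat shows {seen}")
```

A listener classified as single-interface or all-interfaces is reachable by every host that can route to that address, not only virtual machine A, so virtual machine B's ssh authentication is what protects port 9998. Limiting the port to virtual machine A's address in the desktop firewall and closing the tunnel after the copy keeps that exposure short.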
This article relies on ssh tunneling. If readers have any questions, they can leave a message to discuss them.