Port forwarding provides:
1. SSH Client encrypted data communication between end-to-end SSH Server.
2. break through the firewall restrictions before the completion of some TCP connection can not be established.
But only forward tcp connection, you want to forward the UDP, the need to install software.
scene one:
There are A, B two machines, ssh can visit each other, but all the other organizations on the B-firewall port access, want the ssh forwarding, so A 8000 B 8001 Port Access port.
ip A's: 192.168.66.19
B's ip: 192.168.66.78
Open the firewall systemctl start firewalld within B.
Access to port B from A 8001 returns:
OSError: [Errno 113] No route to host
Configuring remote forwarding on A:
ssh -L 8000:localhost:8001 -fN test@192.168.66.78
Plus displays without fN landing [email protected] establish a connection, plus after establishing in the background.
Modify test scripts to access the local port 8000:
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect(('localhost', 8000)) client.send("hello world".encode('utf-8'))
code on the server machine B as follows:
import socket import sys server = socket.socket(socket.AF_INET,socket.SOCK_STREAM) server.bind(('192.168.66.78', 8001)) while True: print("listening on 8001") server.listen(5) conn,addr = server.accept() print("accept ", addr) data = conn.recv(1024) print(data) conn.close()
The results show
channel 2: open failed: connect failed: Connection refused
Later found, server code on B needs to listen to a local port of 8001, the code to read:
server.bind(('127.0.0.1', 8001))
And then tests show a successful connection.
Reference: https://www.ibm.com/developerworks/cn/linux/l-cn-sshforward/
Remote forwarding and local forwarding the same principle, the difference lies only be configured on which host.
There is a drawback is that, ssh forwarding ordinary users can set, if you want to cancel forwarding, you can modify / etc / ssh / sshd_config, prohibit forwarding.